Security Update 2005-002 is now available and delivers the following
security enhancement for Java 1.4.2:

CVE-ID: CAN-2004-1029
Impact: Updates Java to address an issue where an untrusted applet
could gain elevated privileges and potentially execute arbitrary
code.

Description: A vulnerability in the Java Plug-in may allow an
untrusted applet to escalate privileges, through JavaScript calling
into Java code, including reading and writing files with the
privileges of the user running the applet. Releases prior to Java
1.4.2 on Mac OS X are not affected by this vulnerability. Further
information is available in Document ID 57591 from Sun's security web
site at http://sunsolve.sun.com/

Security Update 2005-002 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

The download file is named: "SecUpd2005-002Pan.dmg"
Its SHA-1 digest is: a97552dcd6ad73c573154e2a310f09595db4fb4c