Sun has published "Security Vulnerability With Java Web Start", an
issue that is fixed for Mac OS X in Security Update 2005-002.
Systems that have already installed Security Update 2005-002 do not
need to re-install it.
Available for: Java 1.4.2
CVE-ID: CAN-2005-0418
Impact: Updates Java to address an issue in Java Web Start that
allows an untrusted application to elevate its privileges
Description: A vulnerability in Java Web Start allows an untrusted
application to elevate its privileges. For example, an application may
grant itself permissions to read and write local files or execute
local applications that are accessible to the user running the Java
Web Start application. Releases prior to Java 1.4.2 are not affected
by this vulnerability. Further information is available in Document
ID 57740 from Sun's security web site at http://sunsolve.sun.com/
Security Update 2005-002 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
The download file is named: "SecUpd2005-002Pan.dmg"
Its SHA-1 digest is: a97552dcd6ad73c573154e2a310f09595db4fb4c