site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2005-02-22 Security Update 2005-002 Security Update 2005-002 is now available and delivers the following security enhancement for Java 1.4.2: CVE-ID: CAN-2004-1029 Impact: Updates Java to address an issue where an untrusted applet could gain elevated privileges and potentially execute arbitrary code. Description: A vulnerability in the Java Plug-in may allow an untrusted applet to escalate privileges, through JavaScript calling into Java code, including reading and writing files with the privileges of the user running the applet. Releases prior to Java 1.4.2 on Mac OS X are not affected by this vulnerability. Further information is available in Document ID 57591 from Sun's security web site at http://sunsolve.sun.com/ Security Update 2005-002 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The download file is named: "SecUpd2005-002Pan.dmg" Its SHA-1 digest is: a97552dcd6ad73c573154e2a310f09595db4fb4c Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/security_pgp.html -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQEVAwUBQhuqP5yw5owIz4TQAQLeSggAs922mIQhCcw3UytjHLIFCCOUnsNLDjXq MyZr38ACdaRAiDE4+ZZyec3I0YcV35ByRD6B4tLlvLe09E8xdllO/fzZSS3V5qVB gOcIQ15cC2+EDt95ADfuiP4cviw3rIjPyMv+HhUgGMb7hdbDNRHUrh+RDUdIzj4y HY3cvHZnJuz+GuXQqUXhDIwplzS9gy4zmmSVVFWlNjg/3bSlxo230NhZz+9gwWUi 0uIVk6Oo2qXI/F7N2zbdik5VELg0hoThyILRkcvXrdonfLFAU0JG1/6gLOD1nBox MYt/cHfgQ8gFg2SXKMYas5xm6W2hC5XfIycOIqom53nWZQkCPRNR6Q== =V4D9 -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com