site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2005-03-24 Java Web Start Sun has published "Security Vulnerability With Java Web Start" which is fixed for Mac OS X in Security Update 2005-002. Systems that have already installed Security Update 2005-002 do not need to re-install it. Available for: Java 1.4.2 CVE-ID: CAN-2005-0418 Impact: Updates Java to address an issue in Java Web Start that allows an untrusted application to elevate its privileges Description: A vulnerability in Java Web Start allows an untrusted application to elevate its privileges. For example an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the Java Web Start application. Releases prior to Java 1.4.2 are not affected by this vulnerability. Further information is available in Document ID 57740 from Sun's security web site at http://sunsolve.sun.com/ Security Update 2005-002 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The download file is named: "SecUpd2005-002Pan.dmg" Its SHA-1 digest is: a97552dcd6ad73c573154e2a310f09595db4fb4c Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/security_pgp.html -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQEVAwUBQkMyO5yw5owIz4TQAQIqeQf/fZT+5GtD0KLg1+0vxGA1vMg9DHSR9Qn7 cC5ckoSMZ/GQanETCCKc0/tfWYjR2vG2aRhk86kizLiXcRx7Jyfsk4EKWA4AxDjY 0aDinb4hLeSRrIxTL1Wr4njqT8S+M5s1OtMv4DI2YE0+SMZSY4ozDaD2slo5jPqm 59EY1D7eOK0OGaYbi95YTKB5eTc9X8PavR7Yp+ELzt7rzrogZPAFgFwLr7I7Fs0e ip00If3gk51wBD/Fg1IvVA9cVizrd554DUat7NtzY7nVxGB6WzEiBY547/fJqyyH xsJLActuzXzO6mXUgTrOMG9/MHHjibrqaE8Fyaifist2CE3Z8riYvQ== =M/Zj -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com