APPLE-SA-2005-02-22 Security Update 2005-002
APPLE-SA-2005-02-22 Security Update 2005-002
- Subject: APPLE-SA-2005-02-22 Security Update 2005-002
- From: Apple Product Security <email@hidden>
- Date: Tue, 22 Feb 2005 13:56:33 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2005-02-22 Security Update 2005-002
Security Update 2005-002 is now available and delivers the following
security enhancement for Java 1.4.2:
CVE-ID: CAN-2004-1029
Impact: Updates Java to address an issue where an untrusted applet
could gain elevated privileges and potentially execute arbitrary
code.
Description: A vulnerability in the Java Plug-in may allow an
untrusted applet to escalate privileges, through JavaScript calling
into Java code, including reading and writing files with the
privileges of the user running the applet. Releases prior to Java
1.4.2 on Mac OS X are not affected by this vulnerability. Further
information is available in Document ID 57591 from Sun's security web
site at http://sunsolve.sun.com/
Security Update 2005-002 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
The download file is named: "SecUpd2005-002Pan.dmg"
Its SHA-1 digest is: a97552dcd6ad73c573154e2a310f09595db4fb4c
Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/security_pgp.html
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQEVAwUBQhuqP5yw5owIz4TQAQLeSggAs922mIQhCcw3UytjHLIFCCOUnsNLDjXq
MyZr38ACdaRAiDE4+ZZyec3I0YcV35ByRD6B4tLlvLe09E8xdllO/fzZSS3V5qVB
gOcIQ15cC2+EDt95ADfuiP4cviw3rIjPyMv+HhUgGMb7hdbDNRHUrh+RDUdIzj4y
HY3cvHZnJuz+GuXQqUXhDIwplzS9gy4zmmSVVFWlNjg/3bSlxo230NhZz+9gwWUi
0uIVk6Oo2qXI/F7N2zbdik5VELg0hoThyILRkcvXrdonfLFAU0JG1/6gLOD1nBox
MYt/cHfgQ8gFg2SXKMYas5xm6W2hC5XfIycOIqom53nWZQkCPRNR6Q==
=V4D9
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden