
Apple Mac OS X Java Calendar Deserialisation Code Execution Vulnerability

Last Update Date: 28 Jan 2011
Release Date: 22 May 2009

RISK: Medium Risk

A vulnerability has been identified in Apple Mac OS X that could be exploited by remote attackers to compromise a vulnerable system. The issue is caused by an error in how Java deserializes Calendar objects. Attackers could exploit it to bypass the Java sandbox and execute arbitrary code by tricking a user into visiting a web page containing a malicious applet.


Impact

  • Remote Code Execution

System / Technologies affected

  • Apple Mac OS X versions 10.x
  • Apple Mac OS X Server versions 10.x

Solutions

Note: No patch is currently available for this vulnerability.


Vulnerability Identifier


Source


Related Link