Mac OS X Java Multiple Vulnerabilities
RISK: Medium Risk
Some vulnerabilities have been identified in Java for Mac OS X, which can be exploited by malicious people to cause a Denial of Service, to bypass certain security restrictions, disclose system information or potentially sensitive information, or to compromise a vulnerable system.
1) An error leading to the use of an uninitialized variable exists in the hash-based Message Authentication Code (HMAC) provider. This can potentially be exploited to execute arbitrary code when a user visits a web page containing a specially crafted Java applet.
2) An error in the Java plug-in's handling of "file://" URLs can be exploited to launch local files when a user visits a web page containing a specially crafted Java applet.
Mac OS X 10.4 is reportedly not affected.
3) Some vulnerabilities in Java 1.4.2_16 and Java 1.5.0_13 can be exploited by malicious people to cause a Denial of Service, to bypass certain security restrictions, disclose system information or potentially sensitive information, or to compromise a vulnerable system.
System / Technologies affected
- Apple Macintosh OS X
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
-- Java for Mac OS X 10.4 --
Update to Release 7:
http://www.apple.com/support/downloads/javaformacosx104release7.html
-- Java for Mac OS X 10.5 --
Apply Update 2:
http://www.apple.com/support/downloads/javaformacosx105update2.htm
Vulnerability Identifier
- CVE-2008-1185
- CVE-2008-1186
- CVE-2008-1187
- CVE-2008-1188
- CVE-2008-1189
- CVE-2008-1190
- CVE-2008-1191
- CVE-2008-1192
- CVE-2008-1193
- CVE-2008-1194
- CVE-2008-1195
- CVE-2008-1196
- CVE-2008-3103
- CVE-2008-3104
- CVE-2008-3105
- CVE-2008-3106
- CVE-2008-3107
- CVE-2008-3108
- CVE-2008-3109
- CVE-2008-3110
- CVE-2008-3111
- CVE-2008-3112
- CVE-2008-3113
- CVE-2008-3114
- CVE-2008-3115
- CVE-2008-3637
- CVE-2008-3638