ID: 3762
Date: 13/02/2009
Title: 3762 - APPLE-SA-2009-02-12 Java for Mac OS X 10.5 Update 3
Platform level affected:Operating System
Hardware components affected:Apple MAC
Specific operating systems components affected: Apple Mac OS
Net-enabled software: Other
Security software:Other
Other software: Run-time Environment
Remediation Summary:Update your copy of the software with the download available from the supplier.
Vendors affected:Sun
Applications affected:OS X
Adversity source: Unknown
Attack Vector: Vulnerability exploitation
Virulence: Unknown
Warning Status: Active
Potential Damage: Remote execution/modification
Possible Duration: Open Ended
Availability of fix: Available
Type of fix: Patch
Source: www.apple.com
Reliability of source: Trusted
Source URL: http://support.apple.com/kb/HT1222
CVE: CVE-2008-2086, CVE-2008-5340, CVE-2008-5342, CVE-2008-5343
Abstract: Java for Mac OS X 10.5 Update 3 is now available
APPLE-SA-2009-02-12 Java for Mac OS X 10.5 Update 3
Java for Mac OS X 10.5 Update 3 is now available and addresses the
following:
Java
CVE-ID: CVE-2008-2086, CVE-2008-5340, CVE-2008-5342, CVE-2008-5343 Available for: Mac OS X v10.5.6 and later with Java for Mac OS X 10.5 Update 2, Mac OS X Server v10.5.6 and later with Java for Mac OS X 10.5 Update 2
Impact: Multiple vulnerabilities in Java Web Start and Java Plug-in
Description: Multiple vulnerabilities exist in Java Web Start and the Java Plug-in, the most serious of which may allow untrusted Java Web Start applications and untrusted Java applets to obtain elevated privileges. Visiting a web page containing a maliciously crafted Java applet may lead to arbitrary code execution with the privileges of the current user. This update provides patches for the Java Bug IDs 6694892, 6707535, 6727081 and 6767668 from Sun Microsystems.
Java for Mac OS X 10.5 Update 3 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
The download file is named: JavaForMacOSX10.5Update3.dmg Its SHA-1 digest is: c4b2a1ed7a6629a0dee6498758c69d5b473ed6dc
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at:
https://www.apple.com/support/security/pgp/
This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.
The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.
CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.
Fri, 13 Feb 2009 10:15:00 GMT
Domain affected: Technical