Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > March 2005 > Apple - Java Web Start [APPLE-SA-2005-03-24]

March 2005

Apple - Java Web Start [APPLE-SA-2005-03-24]

ID: 00249
Ref: 228/05
Date: 29 March 2005:16:47:12
Version: 1
Title: Apple - Java Web Start [APPLE-SA-2005-03-24]
Abstract:
Vendors affected: Apple
Operating systems affected: Apple
Applications affected: Apple

Title
=====
Apple - Java Web Start [APPLE-SA-2005-03-24]

Detail
======


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2005-03-24 Java Web Start

Sun has published "Security Vulnerability With Java Web Start" which
is fixed for Mac OS X in Security Update 2005-002.

Systems that have already installed Security Update 2005-002 do not
need to re-install it.

Available for: Java 1.4.2
CVE-ID: CAN-2005-0418
Impact: Updates Java to address an issue in Java Web Start that
allows an untrusted application to elevate its privileges
Description: A vulnerability in Java Web Start allows an untrusted
application to elevate its privileges. For example an application may
grant itself permissions to read and write local files or execute
local applications that are accessible to the user running the Java
Web Start application. Releases prior to Java 1.4.2 are not affected
by this vulnerability. Further information is available in Document
ID 57740 from Sun's security web site at http://sunsolve.sun.com/

Security Update 2005-002 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

The download file is named: "SecUpd2005-002Pan.dmg"
Its SHA-1 digest is: a97552dcd6ad73c573154e2a310f09595db4fb4c

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/security_pgp.html

- -----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQEVAwUBQkMyO5yw5owIz4TQAQIqeQf/fZT+5GtD0KLg1+0vxGA1vMg9DHSR9Qn7
cC5ckoSMZ/GQanETCCKc0/tfWYjR2vG2aRhk86kizLiXcRx7Jyfsk4EKWA4AxDjY
0aDinb4hLeSRrIxTL1Wr4njqT8S+M5s1OtMv4DI2YE0+SMZSY4ozDaD2slo5jPqm
59EY1D7eOK0OGaYbi95YTKB5eTc9X8PavR7Yp+ELzt7rzrogZPAFgFwLr7I7Fs0e
ip00If3gk51wBD/Fg1IvVA9cVizrd554DUat7NtzY7nVxGB6WzEiBY547/fJqyyH
xsJLActuzXzO6mXUgTrOMG9/MHHjibrqaE8Fyaifist2CE3Z8riYvQ==
=M/Zj
- -----END PGP SIGNATURE-----


  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |