CPNI - Centre for the Protection of National Infrastructure

February 2005

APPLE-SA-2005-02-22 - Java Plugin Vulnerability

ID: 00162
Ref: 145/2005
Date: 23 February 2005:14:33:54
Version: 1

Title: APPLE-SA-2005-02-22 - Java Plugin Vulnerability
Abstract:
Vendors affected: Apple
Operating systems affected: Apple
Applications affected: Apple

Title
=====

APPLE-SA-2005-02-22 - Java Plugin Vulnerability

Detail
======

A vulnerability in the Java Plug-in may allow an untrusted
applet to escalate privileges, through JavaScript calling into Java code,
including reading and writing files with the privileges of the user running
the applet. Releases prior to Java 1.4.2 on Mac OS X are not affected by
this vulnerability.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================


ESB-2005.0178 -- APPLE-SA-2005-02-22
Security Update 2005-002 - Java Plugin Vulnerability
23 February 2005

===========================================================================



Product: Java
Publisher: Apple
Operating System: Mac OS X
Impact: Execute Arbitrary Code/Commands
Access: Remote/Unauthenticated
CVE Names: CAN-2004-1029

Ref: ESB-2004.0736

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2005-02-22 Security Update 2005-002

Security Update 2005-002 is now available and delivers the following
security enhancement for Java 1.4.2:

CVE-ID: CAN-2004-1029

Impact: Updates Java to address an issue where an untrusted applet
could gain elevated privileges and potentially execute arbitrary code.

Description: A vulnerability in the Java Plug-in may allow an untrusted
applet to escalate privileges, through JavaScript calling into Java code,
including reading and writing files with the privileges of the user running
the applet. Releases prior to Java 1.4.2 on Mac OS X are not affected by
this vulnerability. Further information is available in Document ID 57591
from Sun's security web site at http://sunsolve.sun.com/

Security Update 2005-002 may be obtained from the Software Update pane
in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

The download file is named: "SecUpd2005-002Pan.dmg"
Its SHA-1 digest is: a97552dcd6ad73c573154e2a310f09595db4fb4c

Information will also be posted to the Apple Product Security web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key, and
details are available at: http://www.apple.com/support/security/security_pgp.html

- - -----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

- - -----END PGP SIGNATURE-----

- - --------------------------END INCLUDED TEXT--------------------


- -----END PGP SIGNATURE-----
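
Added example (not part of the advisory, and not Apple's or CPNI's code): a Python script that extracts the file name and SHA-1 digest pair from advisory text in the form quoted above and checks a downloaded file against it. The function names and the ADVISORY_EXCERPT constant are assumptions made for this illustration; the file name and digest are the ones stated in the advisory.

```python
import hashlib
import hmac
import os
import re
import sys

# Two-line form used in the advisory above. Leading "- " groups are the
# PGP dash-escaping that appears when a signed message is re-signed.
PAIR_RE = re.compile(
    r'^(?:- )*The download file is named:[ \t]*"([^"]+)"[ \t]*\n'
    r'(?:- )*Its SHA-1 digest is:[ \t]*([0-9a-fA-F]{40})[ \t]*$',
    re.MULTILINE,
)

# Excerpt copied from the advisory text on this page.
ADVISORY_EXCERPT = '''\
The download file is named: "SecUpd2005-002Pan.dmg"
Its SHA-1 digest is: a97552dcd6ad73c573154e2a310f09595db4fb4c
'''


def parse_digests(advisory_text):
    """Return {file name: lowercase SHA-1 hex} for every pair in the text."""
    return {n: d.lower() for n, d in PAIR_RE.findall(advisory_text)}


def sha1_of_file(path, chunk_size=1 << 20):
    """Hash in chunks so a large disk image is never held in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, advisory_text):
    """True only if the file's base name is listed and its digest matches."""
    expected = parse_digests(advisory_text).get(os.path.basename(path))
    if expected is None:
        return False  # not named in the advisory: treat as unverified
    return hmac.compare_digest(sha1_of_file(path), expected)


if __name__ == "__main__":
    # Usage: python verify_update.py /path/to/SecUpd2005-002Pan.dmg
    for p in sys.argv[1:]:
        ok = verify_download(p, ADVISORY_EXCERPT)
        print(p, "OK" if ok else "MISMATCH or not listed")
```

The digest is only as trustworthy as the text it was read from, so check the PGP signature on the advisory before relying on the comparison.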