Secunia Security Advisory - A vulnerability has been discovered in Mac OS X, which can be exploited by malicious people to compromise a user's system.
3a7f59d44228e5fe13c27d22d330b7dae3664c1f1ffaba9e45c6330881a90e88----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
Click here to learn more about our commercial solutions:
http://secunia.com/advisories/business_solutions/
Click here to trial our solutions:
http://secunia.com/advisories/try_vi/
----------------------------------------------------------------------
TITLE:
Mac OS X Java Calendar Deserialisation Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA35118
VERIFY ADVISORY:
http://secunia.com/advisories/35118/
DESCRIPTION:
A vulnerability has been discovered in Mac OS X, which can be
exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the deserialisation of
Calendar objects in Java for Mac OS X. This can be exploited to escape
the Java sandbox and execute arbitrary code e.g. when a user visits a
web page containing a specially crafted Java applet.
This is related to vulnerability #14 in:
SA32991
The vulnerability is confirmed in Mac OS X 10.5.7. Other versions may
also be affected.
SOLUTION:
Disable Java support in your browser. Do not execute Java programs
from untrusted sources.
PROVIDED AND/OR DISCOVERED BY:
Additional information about Java for Mac OS X being affected
provided by Landon Fuller and Julien Tinnes.
ORIGINAL ADVISORY:
Landon Fuller:
http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html
Julien Tinnes:
http://blog.cr0.org/2009/05/write-once-own-everyone.html
OTHER REFERENCES:
SA32991:
http://secunia.com/advisories/32991/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed