TITLE:
Mac OS X Java Calendar Deserialisation Code Execution Vulnerability

SECUNIA ADVISORY ID:
SA35118

VERIFY ADVISORY:
http://secunia.com/advisories/35118/

DESCRIPTION:
A vulnerability has been discovered in Mac OS X, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused by an error in the deserialisation of
Calendar objects in Java for Mac OS X. This can be exploited to
escape the Java sandbox and execute arbitrary code, e.g. when a user
visits a web page containing a specially crafted Java applet.

This is related to vulnerability #14 in:
SA32991

The vulnerability is confirmed in Mac OS X 10.5.7. Other versions may
also be affected.

SOLUTION:
Disable Java support in your browser.

Do not execute Java programs from untrusted sources.

PROVIDED AND/OR DISCOVERED BY:
Additional information about Java for Mac OS X being affected
provided by Landon Fuller and Julien Tinnes.

ORIGINAL ADVISORY:
Landon Fuller:
http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html

Julien Tinnes:
http://blog.cr0.org/2009/05/write-once-own-everyone.html

OTHER REFERENCES:
SA32991:
http://secunia.com/advisories/32991/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.