---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Apple Mac OS X update for Java SECUNIA ADVISORY ID: SA39819 VERIFY ADVISORY: http://secunia.com/advisories/39819/ DESCRIPTION: Apple has issued an update for Java for Mac OS X. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, disclose potentially sensitive information, cause a DoS (Denial of Service), or to compromise a user's system. For more information: SA34451 SA37255 SA39260 1) An error in the handling of mediaLibImage objects can be exploited to cause an out-of-bounds memory access and potentially execute arbitrary code when a user e.g. visits a web page containing a specially crafted Java applet. 2) A signedness error when drawing windows can be exploited to corrupt memory and potentially execute arbitrary code when a user e.g. visits a web page containing a specially crafted Java applet. SOLUTION: Apply updates. Java for Mac OS X 10.6: Apply Update 2. http://support.apple.com/kb/DL972 Java for Mac OS X 10.5: Apply Update 7. http://support.apple.com/kb/DL971 PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Marc Schoenefeld, University of Bamberg. 2) The vendor credits Jonathan Bringhurst of Northrop Grumman, and Jeffrey Czerniak. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4170 http://support.apple.com/kb/HT4171 OTHER REFERENCES: SA34451: http://secunia.com/advisories/34451/ SA37255: http://secunia.com/advisories/37255/ SA39260: http://secunia.com/advisories/39260/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------