Apple Releases Java Security Update
The update addresses two privilege-escalation vulnerabilities, under which untrusted Java applets may obtain elevated privileges.
The first involves Java Web Start. Quoting the Apple web site:
Description: A security vulnerability in Java Web Start may allow an untrusted application to elevate its privileges. This update addresses the issue by providing J2SE version 1.5.0_06, which is not susceptible to this vulnerability. For additional information…
The second involves the reflection APIs. Again quoting the Apple web site:
Description: Security vulnerabilites related to the use of “reflection” APIs in the Java Runtime Environment may allow an untrusted applet to elevate its privileges. This update addresses these issues by providing J2SE version 1.5.0_06, which is not susceptible to these vulnerabilities. For additional information…
There is a third, minor issue fixed in Java InputMethods. Once again, from the Apple web site:
Additionally, a minor security-related fix is included in this update for Java InputMethods. Due to an issue handling input method events, it is possible that key events intended for a secure field such as a password field may be sent to a normal text field in the same window. This could result in accidental password disclosure to…
Be sure to update your Mac with OSX as soon as possible.
About the security content of J2SE 5.0 Release 4
Related Stories
POSTED IN: Apple, Secure That Computer, Security
0 opinions for Apple Releases Java Security Update
No one has left a comment yet. You know what this means, right? You could be first!
Have an opinion? Leave a comment: