Mac Security: Java Security Update for 10.4.5

Discussion in 'Apple' started by Derek Currie, Apr 19, 2006.

  1. Derek Currie

    Derek Currie Guest

    Last night Apple released a new security update. This one is specific to
    Java. It is recommended for users of Mac OS X and Mac OS X Server
    10.4.5. It repairs two vulnerabilities in Apple's Java implementation.

    Below is the message Apple sent out through their Security-Announce List:

    :-Derek

    ===============================
    <http://lists.apple.com/archives/security-announce/2006/Apr/msg00001.html
    APPLE-SA-2006-04-18 J2SE 5.0 Release 4

    Subject: APPLE-SA-2006-04-18 J2SE 5.0 Release 4
    From: Apple Product Security
    Date: Tue, 18 Apr 2006 15:13:09 -0700


    APPLE-SA-2006-04-18 J2SE 5.0 Release 4


    J2SE 5.0 Release 4 is now available for Mac OS X v10.4.5 and provides
    fixes for the following security issues:


    CVE-ID: CVE-2006-0613
    Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5
    Impact: Untrusted Java applications may obtain elevated
    privileges.
    Description: A security vulnerability in Java Web Start may
    allow an untrusted application to elevate its privileges. This
    update addresses the issue by providing J2SE version 1.5.0_06,
    which is not susceptible to this vulnerability. For additional
    information on this issue see Sun Alert 102170
    (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102170-1)


    CVE-ID: CVE-2006-0614, CVE-2006-0615, CVE-2006-0616,
    CVE-2006-0617
    Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5
    Impact: Untrusted Java applets may obtain elevated privileges.
    Description: Security vulnerabilites related to the use of
    "reflection" APIs in the Java Runtime Environment may allow an
    untrusted applet to elevate its privileges. This update
    addresses these issues by providing J2SE version 1.5.0_06, which
    is not susceptible to these vulnerabilities. For additional
    information on these issues see Sun Alert 102171 (http://
    sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1)


    Additionally, a minor security-related fix for Java InputMethods
    is included in this update. Due to an issue handling input method
    events, it is possible that key events intended for a secure field
    such as a password field may be sent to a normal text field in the
    same window. This could result in accidental password disclosure to
    others physically present when the password is entered. This update
    addresses the problem by properly handling input method events.


    J2SE 5.0 Release 4 may be obtained from the Software Update pane in
    System Preferences, or Apple's Software Downloads web site:


    For Mac OS X v10.4.5 (PowerPC) and Mac OS X Server v10.4.5:
    http://www.apple.com/support/downloads/j2se50release4ppc.html
    The download file is named: "J2SE50Release4.dmg"
    Its SHA-1 digest is: db3d87ead4adab3e8435bad442b93663bbb54b40


    For Mac OS X v10.4.5 (Intel):
    http://www.apple.com/support/downloads/j2se50release4intel.html
    The download file is named: "J2SE50Release4.dmg"
    Its SHA-1 digest is: 12f0fba2946121a8414fea58526841e0903d4204


    Information will also be posted to the Apple Product Security
    web site:
    http://docs.info.apple.com/article.html?artnum=61798

    _______________________________________________

    Apple's info doc article about this update can be found at:
    <http://docs.info.apple.com/article.html?artnum=303658>

    --
    Fortune Magazine, 11-29-05: What's your computer setup today?
    Frederick Brooks: I happily use a Macintosh. It's not been equalled for ease
    of use, and I want my computer to be a tool, not a challenge.
    <http://money.cnn.com/magazines/fortune/fortune_archive/2005/12/12/8363107/>
    [Frederick Brooks is the author of 'The Mythical Man Month'. He spearheaded
    the movement to modernize computer software engineering in 1975]
     
    Derek Currie, Apr 19, 2006
    #1
    1. Advertisements

  2. Derek Currie

    Per Rønne Guest

    10.4.6 too ...
     
    Per Rønne, Apr 20, 2006
    #2
    1. Advertisements

  3. Derek Currie

    Derek Currie Guest

    Yeah. I have to wonder why they wrote the note that way. Typically this
    comes down to a particular person's style of writing and inconsistent
    editing.

    :-D

    --
    Fortune Magazine, 11-29-05: What's your computer setup today?
    Frederick Brooks: I happily use a Macintosh. It's not been equalled for ease
    of use, and I want my computer to be a tool, not a challenge.
    <http://money.cnn.com/magazines/fortune/fortune_archive/2005/12/12/8363107/>
    [Frederick Brooks is the author of 'The Mythical Man Month'. He spearheaded
    the movement to modernize computer software engineering in 1975]
     
    Derek Currie, Apr 20, 2006
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.