Tuesday, December 18, 2007

Mac OS About Java : Java 1.4 and J2SE 5 can be exploited in Mac OS X 10.4.

Apple recommend to upgrade their Java based program into Java Released 6 in Mac OS X 10.4. Secunia.com says that :

1) An error in Java due to an improper access check can be exploited via a specially crafted Java applet to add or remove items from a user's Keychain, without prompting the user.

This vulnerability affects Mac OS X versions prior to 10.5.

2) Some vulnerabilities in Java 1.4 and J2SE 5.0 can be exploited to bypass certain security restrictions, conduct cross-site scripting attacks, to cause a DoS (Denial of Service), or to compromise a user's system.


Vulnerability discovered by :
Bruno Harbulot
Manchester Computing / School of Computer Science (Office 1.17)
University of Manchester
Oxford Road
Manchester M13 9PL, UK

No comments: