Apple recommend to upgrade their Java based program into Java Released 6 in Mac OS X 10.4. Secunia.com says that :
1) An error in Java due to an improper access check can be exploited via a specially crafted Java applet to add or remove items from a user's Keychain, without prompting the user.
This vulnerability affects Mac OS X versions prior to 10.5.
2) Some vulnerabilities in Java 1.4 and J2SE 5.0 can be exploited to bypass certain security restrictions, conduct cross-site scripting attacks, to cause a DoS (Denial of Service), or to compromise a user's system.
http://secunia.com/advisories/28115/
Vulnerability discovered by :
Bruno Harbulot
Manchester Computing / School of Computer Science (Office 1.17)
University of Manchester
Oxford Road
Manchester M13 9PL, UK
No comments:
Post a Comment