Izdana je nadogradnja za operacijski sustav Mac OS X kojom se deaktiviraju Java browser plugin i Java Web Start ako se ne koriste 35 dana zaredom. Nadogradnja također pokreće i alat za uklanjanje raznih inačica zlonamjernog programa Flashback koji iskorištava sigurnosni propust paketa Java koji je ispravljen ovom nadogradnjom.
Paket:
Oracle Java 6
Operacijski sustavi:
Apple Mac OS X 10.6, Apple Mac OS X 10.7
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
lokalno/udaljeno
Posljedica:
proizvoljno izvršavanje programskog koda
Rješenje:
programska zakrpa proizvođača
Izvorni ID preporuke:
APPLE-SA-2012-04-12
Izvor:
Apple
Problem:
Nadogradnja je izdana radi poboljšanja sigurnosnih mjera.
Posljedica:
Instalacijom ove nadogradnje automatski se deaktiviraju Java browser plugin i Java Web Start. Korisnik ih može ponovo uključiti po potrebi. Također se automatski pokreće alat za uklanjanje raznih inačica zlonamjernog programa Flashback. Ako je zlonamjerni program pronađen u sustavu, korisnik se obavještava o njegovu uklanjanju.
Rješenje:
Korisnike se potiče na primjenu dostupne nadogradnje.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-04-12-1 Java for OS X 2012-003 and
Java for Mac OS X 10.6 Update 8
Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 is now
available and addresses the following:
Java
Available for: OS X Lion v10.7.3, OS X Lion Server v10.7.3
Impact: The Java browser plugin and Java Web Start are deactivated
if they remain unused for 35 days
Description: As a security hardening measure, the Java browser
plugin and Java Web Start are deactivated if they are unused for 35
days. Installing this update will automatically deactivate the Java
browser plugin and Java Web Start. Users may re-enable Java if they
encounter Java applets on a web page or Java Web Start applications.
Further information is available at
http://support.apple.com/kb/HT5242
Java
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.3, OS X Lion Server v10.7.3
Impact: A Flashback malware removal tool will be run
Description: This update runs a malware removal tool that will
remove the most common variants of the Flashback malware. If the
Flashback malware is found, it presents a dialog notifying the user
that malware was removed. There is no indication to the user if
malware is not found.
Note: These updates include the security content from Java for
OS X 2012-002 and Java for Mac OS X 10.6 Update 7.
Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8
may be obtained from the Software Update pane in System Preferences,
or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
For Mac OS X v10.6 systems
The download file is named: JavaForMacOSX10.6.dmg
Its SHA-1 digest is: e1da5dc40607eef88bff66a43ba5cdf6ac570225
For OS X Lion systems
The download file is named: JavaForOSX.dmg
Its SHA-1 digest is: 4e6fce49e9a3e07533398af8d8b0327136feead5
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJPhwt0AAoJEGnF2JsdZQeeX0YIAJaHtT3P9U42kxSZmOmoPc7c
7lHPEJTZCUthZqVThC6IA26USosTUnU0gCuVACS6cVzA9qx8aHamwqRtZxCUe2Of
qvioELGS2/YImnMB5cnfazg7PxWxkETWn0HCKMZMvxOGdDeJqGqideb1cf98h5ci
HLAdkZilgxQMSMIfx7YZUEOT2Wo+LSQPM2vRe3aexqbDyShXrj6aieHNowZQMdaF
rxVLHWxE4wP6+wsxVue7/yOK6L88L+r+PFtk2e91gVLFV6ZKZW8M9X9k5IoejkdN
dik49/HCTrlPQURJ36TxeA9QZF1TTuuH3GepjhyUB5vPSBZF3rR8Sja7mD0jtx0=
=UBlv
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/security-announce/advisory%40lss.hr
This email sent to Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke