Kod programskog paketa Java otkriveni su i ispravljeni propusti koje su zlonamjerni napadači mogli iskoristiti za zaobilaženje postavljenih ograničenja i proizvoljno pokretanje programskog koda.
Paket:
java 1.6.0_24
Operacijski sustavi:
Apple Mac OS X 10.6
Kritičnost:
10
Problem:
nespecificirana pogreška, pogreška u programskoj funkciji
Uočena je nespecificirana greška te problem u komponentama "com.sun.beans.finder.ClassFinder.findClass", "Gondzz.class" i "Gondvv.class".
Posljedica:
Udaljeni napadači mogu iskoristiti navedene ranjivosti kako bi zaobišli postavljena ograničenja i tako proizvoljno pokrenuli proizvoljni programski kod.
Rješenje:
Svim korisnicima se savjetuje instalacija službenih rješenja.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-09-05-1 Java for OS X 2012-005 and
Java for Mac OS X 10.6 Update 10
Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10 are now
available and address the following:
Java
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 or later, OS X Lion Server v10.7 or later,
OS X Mountain Lion 10.8 or later
Description: An opportunity for security-in-depth hardening is
addressed by updating to Java version 1.6.0_35. Further information
is available via the Java website at
http://www.oracle.com/technetwork/topics/security/alert-
cve-2012-4681-1835715.html
CVE-ID
CVE-2012-0547
Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10
may be obtained from the Software Update pane in System Preferences,
or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
For Mac OS X v10.6 systems
The download file is named: JavaForMacOSX10.6.dmg
Its SHA-1 digest is: 6218979ae4eaef5ea7849cb4455e2c6f8bf362d2
For OS X Lion and Mountain Lion systems
The download file is named: JavaForOSX.dmg
Its SHA-1 digest is: e0750c72972b8a2ccbcb3144bb31d74419276387
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQRoIGAAoJEPefwLHPlZEwqLIQAI/iwWUZRJ17R8WepzGdMtOC
7CfvG6Xm4sO56jEz5Idg8elpKaoDr5xzjyBO0PF/I+vM2DJo5X6Dm25r7TstWHVe
/Ucnan0yRbn6bqUgsKyAubQy+yENxJEr3ed/xe+EUcRvw8mX/kHH7Rq0boMtxx3D
eyq/t8Z4rY3B4BLS0RPG0sKNR2cNetE1yNKxHNskOAc3qsgv8oa7XgR9q+z3lHbS
t+BWp3dDF+gcTzdPJVzE1ksC4MCnPYYA6qoNVSj5o8AFU6ZJ5BGaQWIVY67qXZt4
yls0P4bV0LZbrVolrfzpysfgoACT8NutibJ9fWe8UjqN8t+0NvsWKMQIO/Yye4uF
aqWUB6P8uzaVEXksIuDuLtLLF0IhdWk7l9wcW9L4h/vgFvcwtT8o7fTn1av7zBhO
CP/sF3iM8n50b42m/dD+nkriIlreH7tWMo5C+GgEKaXSgG9YeqnzzCXf30P20wxF
oYfpwGgGKrVvojUbuPfZOUe8bpQNoCec8TNtXjZAuOYkE7Ku7RXPeB0Y1znINVNj
VXfQcsJlSEjkqS5TYofaNZ3Qk4hVUbexTwuHCMxevY0L1k7PId829wzoPoE70vSw
0BCYAHZzeCkfQpc+jElB8a3rXStYtAvc8OhI2Wq6bLHVclokFSk7YbmrEGDMGM/Z
vCB4qLe1cpGMcRIoYGdA
=v5mf
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/security-announce/lss.advisory%40gmail.com
This email sent to Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke