Java security update

Apple released Security Update 2005-002

Specific updated components include: Java Web Start, JavaPluginCocoa.bundle, JavaScriptCore, and Core Java classes. Detailed information on the update can be found here, and say the following about the update:

> Security Update 2005-002 (Apple)
> Sun(sm) Alert Notification (Sun)


Impact: Updates Java to address an issue where an untrusted applet could gain elevated privileges and potentially execute arbitrary code.

Description: A vulnerability in the Java Plug-in may allow an untrusted applet to escalate privileges, through JavaScript calling into Java code, including reading and writing files with the privileges of the user running the applet. Releases prior to Java 1.4.2 on Mac OS X are not affected by this vulnerability. Further information is available in Document ID 57591 from Sun.

Posted by Antony at February 23, 2005 10:52 PM

>> more MacCentre701 February 2005 reports.