In association with heise online

25 September 2008, 11:23

Apple closes 27 security holes in Java


Apple has closed numerous security holes with the release of Java for Mac OS X 10.5 Update 2. Several of these holes are critical because they allow attackers to inject and execute code, but successful exploitation requires users to visit a specially crafted web page with a Java-enabled browser.

The vulnerabilities are generally the same as those Sun Microsystems reported and fixed in JDK and JRE 6 Update 7, JDK and JRE 5.0 Update 16, and SDK and JRE 1.4.2_18 more than two months ago.

There are also two critical, previously undisclosed holes which are specific to Apple. These are a flaw in the processing of Hash-based Message Authentication Codes (HMAC) for MD5 and SHA-1 hashes, and the possibility for applets to launch local files via file:// URLs.

Full details of the update are available on the Apple support site, and the update itself is available through Apple's Software Update service or as an immediate download from Apple's downloads site.

