About the security content of Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10
Learn about the security content of Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10.
Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10
Java
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion v10.8 or later
Description: An opportunity for security-in-depth hardening is addressed by updating to Java version 1.6.0_35. Further information is available via the Java website at http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
CVE-ID
CVE-2012-0547
Java
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion v10.8 or later
Impact: Visiting a maliciously crafted website with Java enabled may lead to arbitrary code execution
Description: A privilege escalation issue existed in the JAI API. An unsigned applet may have been able to execute arbitrary code. This issue was addressed by preventing the JAI and J3D APIs from being used by unsigned applets.
CVE-ID
CVE-2012-3717 : Adam Gowdiak of Security Explorations
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.
