About the security content of Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10

Learn about the security content of Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10.

This article has been archived and is no longer updated by Apple.

Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10

  • Java

    Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion v10.8 or later

    Description: An opportunity for security-in-depth hardening is addressed by updating to Java version 1.6.0_35. Further information is available via the Java website at http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

    CVE-ID

    CVE-2012-0547

  • Java

    Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion v10.8 or later

    Impact: Visiting a maliciously crafted website with Java enabled may lead to arbitrary code execution

    Description: A privilege escalation issue existed in the JAI API. An unsigned applet may have been able to execute arbitrary code. This issue was addressed by preventing the JAI and J3D APIs from being used by unsigned applets.

    CVE-ID

    CVE-2012-3717 : Adam Gowdiak of Security Explorations

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: