Archived - About the Java Security Update

This article has been archived and is no longer updated by Apple.

This document describes the security content of Java Security Update, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How To Use The Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

Java Security Update

  • Java

    Available for: Java 1.3.1

    Impact: Java is updated to version 1.3.1_16

    Description: This release updates Java to version 1.3.1_16 to address a number of issues. Further information is available in the 1.3.1_16 section of Sun's release notes at http://java.sun.com/j2se/1.3/ReleaseNotes.html.

  • Java

    Available for: Java 1.4.2

    Impact: Java is updated to version 1.4.2_09

    Description: This release updates Java to version 1.4.2_09 to address a number of issues. Further information is available in the 1.4.2_09 section of Sun's release notes at http://java.sun.com/j2se/1.4.2/ReleaseNotes.html. Credit to Sun and Marc Schoenefeld for notifying us about these issues.

  • Java

    CVE-ID: CAN-2005-2527

    Available for: Java 1.4.2

    Impact: A file race condition can lead to file corruption or the creation of arbitrary files.

    Description: This is specific to the implementation of Java on Mac OS X. Under certain conditions, Java may insecurely handle a temporary directory. Subsequent file operations inside that directory could be exposed to file race conditions. This update addresses the issue by adding validation when operating in the temporary directory.

  • Java

    CVE-ID: CAN-2005-2530

    Available for: Java 1.3.1

    Impact: An untrusted applet could gain elevated privileges.

    Description: This is specific to the implementation of Java on Mac OS X. A vulnerability in Apple's implementation of Java allows an untrusted applet to elevate privileges when using Mac OS X specific extensions. This update addresses the issue by implementing additional security checks. This issue does not affect Java on Mac OS X v10.4 or later.

  • Java

    CVE-ID: CAN-2005-2738

    Available for: Java 1.4.2

    Impact: Network traffic intended for a particular Java ServerSocket could be intercepted by another one.

    Description: This is specific to the implementation of Java on Mac OS X. It is possible for the same port to be opened as a Java ServerSocket multiple times without reporting an error. This can allow a Java program to intercept data intended for the ServerSocket of a different Java program. This update causes an exception to be thrown if a port is already in use. This issue does not affect Java on Mac OS X v10.4 or later. Credit to Jeremy Pfeifer of the University of Saskatchewan for reporting this issue.
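The fixed ServerSocket behavior described in the last entry can be checked on any Java runtime with a small regression test. The following is an added example, not code from Apple or Sun; the class name `DuplicateBindCheck` and the method `secondBindRejected` are hypothetical, and the test uses the loopback address with an OS-assigned port.

```java
import java.io.IOException;
import java.net.BindException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;

// Added example (hypothetical names): verifies that the runtime refuses a
// second ServerSocket on an address and port that is already listening.
public class DuplicateBindCheck {

    /** Returns true if the second bind to the same address and port is rejected. */
    static boolean secondBindRejected(boolean reuseAddress) throws IOException {
        InetAddress loopback = InetAddress.getByName("127.0.0.1");
        ServerSocket first = new ServerSocket();   // unbound; options are set before bind
        ServerSocket second = new ServerSocket();
        try {
            first.setReuseAddress(reuseAddress);
            first.bind(new InetSocketAddress(loopback, 0)); // port 0: the OS picks a free port
            int port = first.getLocalPort();

            second.setReuseAddress(reuseAddress);
            try {
                second.bind(new InetSocketAddress(loopback, port));
                return false; // both sockets now listen on the same port
            } catch (BindException expected) {
                return true;  // the behavior the update describes
            }
        } finally {
            second.close();
            first.close();
        }
    }

    public static void main(String[] args) throws IOException {
        boolean allRejected = true;
        boolean[] settings = { false, true };
        for (int i = 0; i < settings.length; i++) {
            boolean rejected = secondBindRejected(settings[i]);
            System.out.println("SO_REUSEADDR=" + settings[i] + ": second bind "
                    + (rejected ? "rejected (BindException)" : "ACCEPTED"));
            allRejected &= rejected;
        }
        if (!allRejected) {
            System.exit(1); // a duplicate listener was accepted
        }
    }
}
```

The program exits non-zero if any second bind was accepted, so it can run as a post-update check.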


Last modified: Feb 19, 2012
  • Article: TA23501