Languages

Archived - About the security content of Java Release 6 for Mac OS X 10.4

This article has been archived and is no longer updated by Apple.

This document describes the security content of Java Release 6 for Mac OS X v10.4, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

Java Release 6 for Mac OS X 10.4

  • Java

    CVE-ID: CVE-2007-5862

    Available for: Mac OS X v10.4.10 and later, Mac OS X Server v10.4.10 and later

    Impact: A malicious webpage can remove or insert items in the keychain

    Description: An access check may be bypassed for Keychain updates. A specially crafted Java applet may be able to add or remove items from a user's Keychain, without prompting the user. This update addresses the issue through an improved access check. This issue does not affect systems running Mac OS X v10.5 and later. Credit to Bruno Harbulot of the University of Manchester for reporting this issue.

  • Java

    CVE-ID: CVE-2006-4339, CVE-2006-6731, CVE-2006-6736, CVE-2006-6745, CVE-2007-0243, CVE-2007-2435, CVE-2007-3004, CVE-2007-3005, CVE-2007-3504, CVE-2007-3698, CVE-2007-3922, CVE-2007-4381, CVE-2007-5232

    Available for: Mac OS X v10.4.10 and later, Mac OS X Server v10.4.10 and later

    Impact: Multiple vulnerabilities exist in Java 1.4

    Description: Multiple vulnerabilities exist in Java 1.4, the most serious of which may lead to arbitrary code execution and privilege escalation. These are addressed by updating Java 1.4 to version 1.4.2_16. These issues are already addressed in systems running Mac OS X v10.5 and later.

  • Java

    CVE-ID: CVE-2006-4339, CVE-2006-6731, CVE-2006-6745, CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789, CVE-2007-3004, CVE-2007-3005, CVE-2007-3503, CVE-2007-3504, CVE-2007-3655, CVE-2007-3698, CVE-2007-3922, CVE-2007-4381, CVE-2007-5232

    Available for: Mac OS X v10.4.10 and later, Mac OS X Server v10.4.10 and later

    Impact: Multiple vulnerabilities exist in J2SE 5.0

    Description: Multiple vulnerabilities exist in J2SE 5.0, the most serious of which may lead to arbitrary code execution and privilege escalation. These are addressed by updating J2SE 5.0 to version 1.5.0_13. These issues are already addressed in systems running Mac OS X v10.5 and later.

Last Modified: Feb 20, 2012
  • Last Modified: Feb 20, 2012
  • Article: TA25122
  • Views:

    1955

Additional Product Support Information