About the security content of Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10

Learn about the security content of Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10.

Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10

• Java

Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion v10.8 or later

Description: An opportunity for security-in-depth hardening is addressed by updating to Java version 1.6.0_35. Further information is available via the Java website at http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

CVE-ID

CVE-2012-0547

• Java

Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion v10.8 or later

Impact: Visiting a maliciously crafted website with Java enabled may lead to arbitrary code execution

Description: A privilege escalation issue existed in the JAI API. An unsigned applet may have been able to execute arbitrary code. This issue was addressed by preventing the JAI and J3D APIs from being used by unsigned applets.

CVE-ID

CVE-2012-3717 : Adam Gowdiak of Security Explorations