The mega update also addresses multiple serious vulnerabilities in Java 1.4.2_16, Java 1.5.0_13 and Java 1.6.0_05. It contains support for both Java 1.4.1 and Java 1.3.1. Credit to Radim Marek for reporting this issue. Apple Java Updater delivers functional enhancements and improved stability for running Java applications and applets. This update addresses the issue through improved error handling. Visiting a website containing a maliciously crafted Java applet may lead to arbitrary code execution. CVE-2008-3637: An error checking issue leading to the use of an uninitialized variable exists in the Hash-based Message Authentication Code (HMAC) provider used for generating MD5 and SHA-1 hashes. Several readers were unsure whether this was a true update, or just a standalone download of the previously. Credit to Nitesh Dhanjani and Billy Rios for reporting this issue. Apple's Java 1.4.1 update 1 caused some confusion when it was posted yesterday. This update addresses the issue through improved handling of URLs. Visiting a website containing a maliciously crafted Java applet may allow a remote attacker to launch local files, which may lead to arbitrary code execution. If anyone knows of a version which is available under more liberal terms, please let me know. Apple provides new interfaces for these interactions under JDK 1.4.1 using a different set of packages ( and ). UPDATE: As Tom Hawtin pointed out: This version of the J2SE 1.4.2 SDK is strictly for use by SAP customers along with SAP software products. CVE-2008-3638: The Java plug-in does not block applets from launching file:// URLs. It seems to work well with BEA WebLogic 8.1. The two bugs affect Mac OS X v10.5.4 and Mac OS X Server v10.5.4 and address: