Users of Mac OS X 10.6 please be advised of a Java Update 3 that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
APPLE-SA-2010-10-20-1: APPLE-SA-2010-10-20-1 Java for Mac OS X 10.6 Update 3
Available for: Mac OS X v10.6.4, Mac OS X Server v10.6.4
Impact: A local user may be able to execute arbitrary code with the
privileges of another user who runs a Java application
Description: A command injection issue exists in updateSharingD's
handling of Mach RPC messages. A local user may be able to execute
arbitrary code with the privileges of another user who runs a Java
application. This issue is addressed by implementing a per-user Java
shared archive. This issue only affects the Mac OS X implementation
of Java. Credit to Dino Dai Zovi for reporting this issue.Read more at www.criticalwatch.com
See this Amp at http://bit.ly/cwV8Eq
No comments:
Post a Comment