ID: IRCNE2011061160
Date: 2011-06-29
zdnet - According to warnings from Apple, the vulnerabilities could allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.
The risks:Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
The updates are available for Mac OS X v10.6.6 and Mac OS X v10.5.8.
The Java for Mac patches follows the weekend release of a major Mac OS X security update to cover major security holes.
Some of the Mac OS X security holes could lead to remote code execution via rigged fonts or PDF files. The components affected by critical vulnerabilities include ATS, ColorSync, CoreFoundation, CoreGraphics, ImageIO.
Apple also warned about security flaws in MobileMe, MySQL, OpenSSL, QuickLook and QuickTime.
- 2