The last flaw addressed in the Mac OS X 10.6 update, CVE-2010-1827, can also be exploited in drive-by download attacks by serving malicious Java applets.Īpple describes this issue as a memory corruption condition triggered when handling certain applet window bounds. It stems from improper handling of Mach RPC messages and can be exploited to execute arbitrary code with the privileges of the current user. The bugs common to Java 6u22 are identified as CVE-2009-3555 and CVE-2010-1321, and have a base score of 6.8 on the CVSS scale.īoth of them possibly allow for remote arbitrary code execution by vising a website set to load a maliciously crafted Java applet.Īnother patched vulnerability, identified as CVE-2010-1826, was discovered by security researcher Dino Dai Zovi and was presented at the Summercon hacker convention earlier this year. The new Java for Mac OS X 10.6 Update 3 addresses two vulnerabilities patched by Oracle in Java SE 6 Update 22 released last week, as well as two Mac-only flaws Apple has released Java security updates for Mac OS X 10.5 (Leopard) and 10.6 (Snow Leopard), which provide fixes for critical remote code execution vulnerabilities.
0 Comments
Leave a Reply. |