-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.0998
        Java for OS X 2012-006 and Java for Mac OS X 10.6 Update 11
                              18 October 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Java for OS X
Publisher:        Apple
Operating System: Mac OS X
Impact/Access:    Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                  Modify Arbitrary Files          -- Remote/Unauthenticated
                  Denial of Service               -- Remote/Unauthenticated
                  Unauthorised Access             -- Remote/Unauthenticated
Resolution:       Patch/Upgrade
CVE Names:        CVE-2012-5979 CVE-2012-5089 CVE-2012-5086
                  CVE-2012-5084 CVE-2012-5083 CVE-2012-5081
                  CVE-2012-5077 CVE-2012-5075 CVE-2012-5073
                  CVE-2012-5072 CVE-2012-5071 CVE-2012-5069
                  CVE-2012-5068 CVE-2012-4416 CVE-2012-3216
                  CVE-2012-3159 CVE-2012-3143 CVE-2012-1533
                  CVE-2012-1532 CVE-2012-1531 

Reference:        ASB-2012.0144

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2012-10-16-1 Java for OS X 2012-006 and
Java for Mac OS X 10.6 Update 11

Java for OS X 2012-006 and Java for Mac OS X 10.6 Update 11 are now
available and address the following:

Java
Available for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 or later, OS X Lion Server v10.7 or later,
OS X Mountain Lion 10.8 or later
Impact:  Multiple vulnerabilities in Java 1.6.0_35
Description:  Multiple vulnerabilities exist in Java 1.6.0_35, the
most serious of which may allow an untrusted Java applet to execute
arbitrary code outside the Java sandbox. Visiting a web page
containing a maliciously crafted untrusted Java applet may lead to
arbitrary code execution with the privileges of the current user.
These issues are addressed by updating to Java version 1.6.0_37.
Further information is available via the Java website at
http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html
CVE-ID
CVE-2012-1531
CVE-2012-1532
CVE-2012-1533
CVE-2012-3143
CVE-2012-3159
CVE-2012-3216
CVE-2012-4416
CVE-2012-5068
CVE-2012-5069
CVE-2012-5071
CVE-2012-5072
CVE-2012-5073
CVE-2012-5075
CVE-2012-5077
CVE-2012-5081
CVE-2012-5083
CVE-2012-5084
CVE-2012-5086
CVE-2012-5089
CVE-2012-5979


Java for OS X 2012-006 and Java for Mac OS X 10.6 Update 11
may be obtained from the Software Update pane in System Preferences,
Mac App Store, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.6 systems
The download file is named: JavaForMacOSX10.6.dmg
Its SHA-1 digest is: 2ca7594a6f7849b502715e8473cf46ef73570da6

For OS X Lion and Mountain Lion systems
The download file is named: JavaForOSX.dmg
Its SHA-1 digest is: eff777cdc39b4e3336b3477f60e8ad769ded8532

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
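
A fleet check for the fix level named in the advisory above, as an added example that is not part of Apple's or AusCERT's text: it parses `java -version` banners and compares the update number numerically against 1.6.0_37. The host names and banner lines are constructed sample data, and the function names are illustrative.

```python
import re

# Fixed release named in the advisory: Java 1.6.0_37
FIXED = (1, 6, 0, 37)

# Matches the legacy banner form: java version "1.6.0_35"
_VERSION_RE = re.compile(r'version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_java_version(banner):
    """Return (major, minor, patch, update) from `java -version` output, or None."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    # A missing update suffix (e.g. "1.6.0") is treated as update 0.
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def assess(banner):
    """Classify one banner against the advisory's fixed version."""
    version = parse_java_version(banner)
    if version is None:
        return "unknown"
    # The advisory only covers the 1.6.0 family; other families are
    # reported separately instead of being compared against 1.6.0_37.
    if version[:3] != FIXED[:3]:
        return "out-of-scope"
    # Integer tuple comparison, so update 9 sorts below update 37.
    return "patched" if version >= FIXED else "needs-update"


def triage(inventory):
    """Map each host to its assessment."""
    return {host: assess(banner) for host, banner in inventory.items()}


# Constructed sample inventory (host -> first line of `java -version`).
SAMPLE = {
    "mac-001": 'java version "1.6.0_35"',
    "mac-002": 'java version "1.6.0_37"',
    "mac-003": 'java version "1.6.0_9"',
    "mac-004": 'java version "1.7.0_07"',
    "mac-005": "No Java runtime present, requesting install.",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(host, status)
```
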

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----