-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.0314
            Java for OS X 2013-002 and Mac OS X v10.6 Update 14
                               5 March 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Java
Publisher:        Apple
Operating System: OS X
Impact/Access:    Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:       Patch/Upgrade
CVE Names:        CVE-2013-1493 CVE-2013-0809 

Reference:        ASB-2013.0034

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6
Update 14

Java for OS X 2013-002 and Mac OS X v10.6 Update 14 are now available
and address the following:

Java
Available for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 or later, OS X Lion Server v10.7 or later,
OS X Mountain Lion 10.8 or later
Impact:  Multiple vulnerabilities in Java 1.6.0_41
Description:  Multiple vulnerabilities existed in Java 1.6.0_41, the
most serious of which may allow an untrusted Java applet to execute
arbitrary code outside the Java sandbox. Visiting a web page
containing a maliciously crafted untrusted Java applet may lead to
arbitrary code execution with the privileges of the current user.
These issues were addressed by updating to Java version 1.6.0_43.
Further information is available via the Java website at
http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html
CVE-ID
CVE-2013-0809
CVE-2013-1493


Java for OS X 2013-002 and Java for Mac OS X 10.6 Update 14
may be obtained from the Software Update pane in System Preferences,
Mac App Store, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.6 systems
The download file is named: JavaForMacOSX10.6.dmg
Its SHA-1 digest is: 0f61f751f0a93a3a16824a826dc32bad5d9a981d

For OS X Lion and Mountain Lion systems
The download file is named: JavaForOSX2013-002.dmg
Its SHA-1 digest is: 47e38cf089a6a7bba9e2b0b387fe09e2b77e10a6

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
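
A check of a downloaded image against the digests published in the Apple advisory above, as an added example that is not part of the AusCERT bulletin or the Apple advisory. The function names are illustrative assumptions; the file names and SHA-1 values are the ones the advisory lists.

```python
import hashlib
import re

# Excerpt copied from the advisory text above (file names and digests as published).
ADVISORY = """\
For Mac OS X v10.6 systems
The download file is named: JavaForMacOSX10.6.dmg
Its SHA-1 digest is: 0f61f751f0a93a3a16824a826dc32bad5d9a981d

For OS X Lion and Mountain Lion systems
The download file is named: JavaForOSX2013-002.dmg
Its SHA-1 digest is: 47e38cf089a6a7bba9e2b0b387fe09e2b77e10a6
"""

# A "file is named" line immediately followed by its "SHA-1 digest" line.
_PAIR = re.compile(
    r"The download file is named:\s*(\S+)\s*\n"
    r"Its SHA-1 digest is:\s*([0-9a-fA-F]{40})\b"
)

def published_digests(text):
    """Return {file name: lowercase SHA-1 hex} parsed from advisory text."""
    return {name: digest.lower() for name, digest in _PAIR.findall(text)}

def sha1_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large .dmg is never read into memory whole."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, name, digests):
    """True only if `name` is listed in the advisory and the file's digest matches."""
    expected = digests.get(name)
    if expected is None:
        return False  # file name not in the advisory: fail closed
    return sha1_of(path) == expected

if __name__ == "__main__":
    import os, sys
    path = sys.argv[1]
    ok = verify_download(path, os.path.basename(path), published_digests(ADVISORY))
    print("OK" if ok else "MISMATCH or unlisted file")
    sys.exit(0 if ok else 1)
```

The digests are only as trustworthy as the copy of the advisory they were read from, so verify the advisory's PGP signature before relying on them.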

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----