===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2013.0314
Java for OS X 2013-002 and Mac OS X v10.6 Update 14
5 March 2013

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Java
Publisher:         Apple
Operating System:  OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-1493 CVE-2013-0809

Reference:         ASB-2013.0034

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14

Java for OS X 2013-002 and Mac OS X v10.6 Update 14 are now available
and address the following:

Java
Available for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 or later, OS X Lion Server v10.7 or later,
OS X Mountain Lion 10.8 or later
Impact:  Multiple vulnerabilities in Java 1.6.0_41
Description:  Multiple vulnerabilities existed in Java 1.6.0_41, the
most serious of which may allow an untrusted Java applet to execute
arbitrary code outside the Java sandbox. Visiting a web page
containing a maliciously crafted untrusted Java applet may lead to
arbitrary code execution with the privileges of the current user.
These issues were addressed by updating to Java version 1.6.0_43.
Further information is available via the Java website at
http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html
CVE-ID
CVE-2013-0809
CVE-2013-1493

Java for OS X 2013-002 and Java for Mac OS X 10.6 Update 14
may be obtained from the Software Update pane in System Preferences,
Mac App Store, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.6 systems
The download file is named: JavaForMacOSX10.6.dmg
Its SHA-1 digest is: 0f61f751f0a93a3a16824a826dc32bad5d9a981d

For OS X Lion and Mountain Lion systems
The download file is named: JavaForOSX2013-002.dmg
Its SHA-1 digest is: 47e38cf089a6a7bba9e2b0b387fe09e2b77e10a6

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================