Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2013.0340 OS X: Java Web plug-in blocked 7 March 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Java Web plug-in Publisher: Apple Operating System: OS X Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2013-1493 CVE-2013-0809 Reference: ASB-2013.0034 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-06-1 OS X: Java Web plug-in blocked Due to multiple vulnerabilities in: Java 6 update 41 and earlier Java 7 update 15 and earlier Apple has updated the web plug-in blocking mechanism to disable versions of Java older than Java 6 update 41 and Java 7 update 15. CVE-ID CVE-2013-0809 CVE-2013-1493 More information on Apple-provided updates is available at http://support.apple.com/kb/HT5677 Information on blocked web plug-ins will be posted to: http://support.apple.com/kb/HT5660 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJRN8ycAAoJEPefwLHPlZEwKj4P/2OBOVTWhgRt3kFbDwrqHvzk IOmbuCktvSWv47Z8SJlYSV0+zQL/lYCyqwIHwXzSpgk8NkWk08CPbUKu3/mohe1h tcyIqbdlsfwRghflxI4CWPBD3lKsdZcrLdAxZFjlhsHtgTXR2WtQOhNfX0vbkz5u wLUIYVPUS/PREwW7IxDI9Mty0PsjRq502/T1Jc1aU9Qg22cmkL4nw8ifeyM7YG0P dGbP2Pa/0cFmNVbBqVZh0dPc7P3E725i5ffkjFcuB2/74oG5ekmw0NRO6lQM+lvV cyG5qwxEgA6nF+1328JNsfACFS8nR1wNaH7hKHTcHkCHmMSZ/plsCjhH7GZYM+Bw KRCJY4HsolIVskHusRFa96q0xy3k4BXuRrMXXuj3mebNu8qmB8VX4HmQh2MY2bnr 0QEeMs8e/CabpL5ju5E3r3gAPwa0n1zKSYv5R1QYFoapTl9qfp6xU5OrLileqgPh hmZGWMbS1wQDqLe4Xv0PXC4wnLBpySWhlta2XE3LlfzkZlWhjw6OKWsTLY6Wej/r 5tNq94+5Ni+1PHrQWzYXuiRiDcm1WVWWWF5NtaQlTmrmQaRDtgcvWYOa25NDWSob KNZgrWzsofqKTPVWjNvpsJoX4ptneX8+J+rQABIXrbjUKvHFtEe+oc+/Yb8dbKYC QAVnD0o6JUBVO8XK4bSS =fwDY - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUTgAEO4yVqjM2NGpAQL08g//enjNhUoPgcGM0UbVLWOYsHuOKP6E6/6I c/Vg9RK1kYw/bmiC6Wt2+bv6Pdjnypt+yA95GevKatieucapA5K3eDPSsKoDDMBH qpQjNHJFA0dYOIOXmd9maWfFd0dWa1YYvDzjpJTojTkAEMZq5wYaMjcOGAbIz81K Lm/gzg4/Qj9dBNZSx7yZo3Z9ihNhSzyOjedz2tSBEMHcD52YG4d9W9s3mNye8Dfg skuASQHaOgqa3MpJUoVFqwcgt0yoF32iPqPFV3geATGO+z/sZzw1z8G3MWX+wSk2 CSsV1LSjG13SrVPCgKeEUw6wjA1FRNK3x39l83N2zpG0ptuvwF8ioMgtqgeDBjkX kuUPBPBS3Y5jkzi4cCAjzaK3e1ScQrNMeKSoJlxwPkKAE0xywtBmjEuQdnQ6Lwk5 HS4zYMMv12T5xoY03mW0Na8HPFPgPEAYwzlczwG+cNSFG8vvlUs2J0sGWzL1qYDa nifU2QeuOtsCmfKqlJ98vyzs4ShjJFUR5/8N92/cLlYpi2MMOKsEGpES485QwAPN B2M5An0vx5S3Txg45xlsIjShuZ+VyMmiUjPYbPIVlFQhGHZGzAKDn+oLtnk9Zpkd hGcTHeiWFDVBHPmBq4aH+vGVGqQ9wJPIJORaOlLzkPVHL+YJnNsi5l/QqdxFbQzQ CIsyYcRMZS4= =3t08 -----END PGP SIGNATURE-----