Sun acknowledged that multiple buffer and integer overflow vulnerabilities exist in the Java Runtime Environment in the processing of audio and image files, which may allow an untrusted applet or Java Web Start application to escalate privileges. The advisory was posted here. Handler Mark Hofman posted a one-liner on 3 Dec 2009 on the release of an Apple Java update, APPLE-SA-2009-12-03-1 & 2 (for 10.5 and 10.6), that fixed a number of issues.

Sun has released a Java update for all platforms (Windows, Solaris and Linux). It is a good time to patch for this vulnerability because exploit code has been made public. For now, browsers on unpatched systems will crash, but that could soon change. You can find the Windows, Solaris and Linux update here. You can find the Apple update here.
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org
ISC Handler, Dec 5th 2009