Feb 23

Apple’s Security Update 2005-02 addresses a security hole in Java 1.4.2:

CVE-ID: CAN-2004-1029

Impact: Updates Java to address an issue where an untrusted applet could gain elevated privileges and potentially execute arbitrary code.

Description: A vulnerability in the Java Plug-in may allow an untrusted applet to escalate privileges, through JavaScript calling into Java code, including reading and writing files with the privileges of the user running the applet. Releases prior to Java 1.4.2 on Mac OS X are not affected by this vulnerability.

Comments are closed.