IMPACT: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
OPERATING SYSTEM: Apple Macintosh OS X - http://secunia.com/advisories/product/96/
DESCRIPTION: Some vulnerabilities have been reported and acknowledged in Java for Mac OS X, which can be exploited by malicious people to cause a DoS (Denial of Service), to bypass certain security restrictions, disclose system information or potentially sensitive information, or to compromise a vulnerable system.
1) An error leading to the use of an uninitialized variable exists in the Hash-based Message Authentication Code (HMAC) provider. This can potentially be exploited to execute arbitrary code when a user visits a web page containing a specially crafted Java applet.
2) An error in the Java plug-in within the handling of "file://" URLs can be exploited to launch local files when a user visits a web page containing a specially crafted Java applet. Mac OS X 10.4 is reportedly not affected.
3) Some vulnerabilities in Java 1.4.2_16 and Java 1.5.0_13 can be exploited by malicious people to cause a DoS (Denial of Service), to bypass certain security restrictions, disclose system information or potentially sensitive information, or to compromise a vulnerable system.
For more information: SA29239 - SA31010
SOLUTION:
-- Java for Mac OS X 10.4 --: Update to Release 7: http://www.apple.com/support/downloads/javaformacosx104release7.html
-- Java for Mac OS X 10.5 --: Apply Update 2: http://www.apple.com/support/downloads/javaformacosx105update2.html
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Radim Marek.
2) The vendor credits Nitesh Dhanjani and Billy Rios.
ORIGINAL ADVISORY: Apple:
http://support.apple.com/kb/HT3179
http://support.apple.com/kb/HT3178
OTHER REFERENCES:
SA28115: http://secunia.com/advisories/28115/
SA29239: http://secunia.com/advisories/29239/
Posted on Thursday, September 25, 2008 @ 23:19:38 EDT by Raven