Security Update 2005-002

Apple’s sticking with the new security update naming convention. Security Update 2005-002 is primarily a Java fix.

According to Apple:

Security Update 2005-002

Available for: Java 1.4.2
CVE-ID: CAN-2004-1029
Impact: Updates Java to address an issue where an untrusted applet could gain elevated privileges and potentially execute arbitrary code.
Description: A vulnerability in the Java Plug-in may allow an untrusted applet to escalate privileges, through JavaScript calling into Java code, including reading and writing files with the privileges of the user running the applet. Releases prior to Java 1.4.2 on Mac OS X are not affected by this vulnerability. Further information is available in Document ID 57591 from Sun.

But what does that mean, Professor? One of the rules for untrusted Java applets is that they have no access to the hosting computer’s filesystem. That rule prevents things like collecting your personal information and sending it to their servers (and then to spammers). It also prevents modification of your data and keeps things from being written to disk, like, say, the Opener malware. This vulnerability lets an untrusted applet get around that rule and read and write files with your privileges. Not good.

Anyway, run Software Update so you too can feel warm and fuzzy inside.
