=====================================================================
                                  CERT-Renater

                       Information Note No. 2005/VULN110
_____________________________________________________________________

DATE                      : 23/02/2005

HARDWARE PLATFORM(S)      : APPLE.

OPERATING SYSTEM(S)       : Mac OS.

======================================================================

APPLE-SA-2005-02-22 Security Update 2005-002

Security Update 2005-002 is now available and delivers the following
security enhancement for Java 1.4.2:

CVE-ID:  CAN-2004-1029

Impact:  Updates Java to address an issue where an untrusted applet
could gain elevated privileges and potentially execute arbitrary
code.

Description:  A vulnerability in the Java Plug-in may allow an
untrusted applet to escalate privileges, through JavaScript calling
into Java code, including reading and writing files with the
privileges of the user running the applet. Releases prior to Java
1.4.2 on Mac OS X are not affected by this vulnerability. Further
information is available in Document ID 57591 from Sun's security web
site at http://sunsolve.sun.com/

Security Update 2005-002 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

The download file is named: "SecUpd2005-002Pan.dmg"
Its SHA-1 digest is: a97552dcd6ad73c573154e2a310f09595db4fb4c

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/security_pgp.html

======================================================================

         =========================================================
         CERT-Renater reference servers
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
         =========================================================
         + CERT-RENATER          | tel : 01-53-94-20-44          +
         + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
         + 75013 Paris           | email: certsvp@renater.fr     +
         =========================================================

