====================================================================

                                 CERT-Renater

                       Note d'Information No. 2012/VULN181
____________________________________________________________________

DATE                : 13/04/2012

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Mac OS X versions 10.6.8, Server v10.6.8, 10.7.3,
                           Server 10.7.3 running Java.

======================================================================
http://support.apple.com/kb/HT5247
______________________________________________________________________

APPLE-SA-2012-04-12-1 Java for OS X 2012-003 and
Java for Mac OS X 10.6 Update 8

Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 is now
available and addresses the following:

Java
Available for:  OS X Lion v10.7.3, OS X Lion Server v10.7.3
Impact:  The Java browser plugin and Java Web Start are deactivated
if they remain unused for 35 days
Description:  As a security hardening measure, the Java browser
plugin and Java Web Start are deactivated if they are unused for 35
days. Installing this update will automatically deactivate the Java
browser plugin and Java Web Start. Users may re-enable Java if they
encounter Java applets on a web page or Java Web Start applications.
Further information is available at
http://support.apple.com/kb/HT5242

Java
Available for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.3, OS X Lion Server v10.7.3
Impact:  A Flashback malware removal tool will be run
Description:  This update runs a malware removal tool that will
remove the most common variants of the Flashback malware. If the
Flashback malware is found, it presents a dialog notifying the user
that malware was removed. There is no indication to the user if
malware is not found.

Note: These updates include the security content from Java for
OS X 2012-002 and Java for Mac OS X 10.6 Update 7.


Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8
may be obtained from the Software Update pane in System Preferences,
or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.6 systems
The download file is named: JavaForMacOSX10.6.dmg
Its SHA-1 digest is: e1da5dc40607eef88bff66a43ba5cdf6ac570225

For OS X Lion systems
The download file is named: JavaForOSX.dmg
Its SHA-1 digest is: 4e6fce49e9a3e07533398af8d8b0327136feead5

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/


======================================================================

=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================