===================================================================== CERT-Renater Note d'Information No. 2013/VULN096 _____________________________________________________________________ DATE : 05/03/2013 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Mac OS X running Java versions prior to 1.6.0_43. ====================================================================== http://support.apple.com/kb/HT5666 ______________________________________________________________________ APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14 Java for OS X 2013-002 and Mac OS X v10.6 Update 14 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion 10.8 or later Impact: Multiple vulnerabilities in Java 1.6.0_41 Description: Multiple vulnerabilities existed in Java 1.6.0_41, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues were addressed by updating to Java version 1.6.0_43. Further information is available via the Java website at http://www.o racle.com/technetwork/java/javase/releasenotes-136954.html CVE-ID CVE-2013-0809 CVE-2013-1493 Java for OS X 2013-002 and Java for Mac OS X 10.6 Update 14 may be obtained from the Software Update pane in System Preferences, Mac App Store, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: 0f61f751f0a93a3a16824a826dc32bad5d9a981d For OS X Lion and Mountain Lion systems The download file is named: JavaForOSX2013-002.dmg Its SHA-1 digest is: 47e38cf089a6a7bba9e2b0b387fe09e2b77e10a6 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ ====================================================================== ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================