Apple Computer Inc. late Tuesday posted a Java security update for Mac OS X to plug five vulnerabilities that could cause system hijack, security bypass, data manipulation and privilege escalation attacks.
Security alerts aggregator Secunia Inc. rates the update as “moderately critical” and warned that the most serious flaw—an error in the handling of temporary files—can be exploited in combination with a race condition to corrupt or create arbitrary files.
The update also corrects a race condition in the privileged helper that creates temporary files insecurely when updating Java shared archives. This can be exploited by local attackers to corrupt or create arbitrary files.
A third vulnerability is due to an unspecified error when launching the utility used to update Java shared archives. This can be exploited by malicious hackers to execute arbitrary commands with elevated privileges, Apple warned.
The company also fixed an error that occurs when handling specially crafted applets. Using this flaw, attackers can create malicious Web pages to bypass the default security restrictions and allow untrusted applets to elevate privileges when using Mac OS X specific extensions.
The update also addresses an error that causes the same port to be opened as a Java ServerSocket multiple times, which could allow a Java program to intercept data intended for the ServerSocket of a different Java program.
Download locations for Java version 1.4.2_09 or 1.3.1_16 can be found at Apples support Web site.
Sun Java System Application Server Flaw Patched
Network computing giant Sun Microsystems Inc. has posted a patch for a file exposure vulnerability in the Sun Java System Application Server.
Sun, based in Santa Clara, Calif., warned in an advisory that the flaw can be exploited by malicious people to disclose certain sensitive information.
The vulnerability was described as an error in the directory listing feature when a deployed Web application created for the Sun Java System Application Server contains “jar” files.
Attackers could exploit the hole to view the contents of these “jar” files.
Affected products include the Sun Java System Application Server Platform Edition 8.1 2005 Q1, 8.1 2005 Q1 UR1 and the Sun Java System Application Server Enterprise Edition 8.1 2005 Q1.
Users are urged to apply the appropriate vendor patches.
Multiple Linksys WRT54G Router Vulnerabilities
A private security research firm has issued a warning for multiple security vulnerabilities in the popular Linksys WRT54G router.
iDefense Inc., the company that reported to flaw to the Cisco System Inc.s Linksys unit, said the flaws can exploited by attackers to bypass security policies, cause a denial of service crash or execute arbitrary commands.
The flaws affect Linksys WRT54G firmware versions prior to 4.20.7.
According to iDefense, an error in the “ezconfig.asp” script that does not properly validate the “do_auth” parameter could open the door for an attacker on the LAN (local area network) to modify the configuration of the affected router.
A second bug is due to an input validation error in the “apply.cgi” script that does not properly handle an overly long POST parameter.
This could be exploited by malicious hackers on the LAN to cause a buffer overflow and execute arbitrary commands on the affected router with root privileges.
Linksys WRT54G router users are urged to update to firmware version 4.20.7. Download locations have been added to the iDefense advisory.