Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • Networking
    • Servers

    Security Patch Watch: Apple Plugs Mac OS X Java Holes

    By
    Ryan Naraine
    -
    September 14, 2005
    Share
    Facebook
    Twitter
    Linkedin

      Apple Computer Inc. late Tuesday posted a Java security update for Mac OS X to plug five vulnerabilities that could cause system hijack, security bypass, data manipulation and privilege escalation attacks.

      In a security advisory, Apple posted a Java Security update for users of Mac OS X 10.3.9 and recommended that customers running Mac OS X 10.4 or later apply the Java 1.3.1 and 1.4.2 Release 2 update.

      Security alerts aggregator Secunia Inc. rates the update as “moderately critical” and warned that the most serious flaw—an error in the handling of temporary files—can be exploited in combination with a race condition to corrupt or create arbitrary files.

      The update also corrects a race condition in the privileged helper that creates temporary files insecurely when updating Java shared archives. This can be exploited by local attackers to corrupt or create arbitrary files.

      A third vulnerability is due to an unspecified error when launching the utility used to update Java shared archives. This can be exploited by malicious hackers to execute arbitrary commands with elevated privileges, Apple warned.

      The company also fixed an error that occurs when handling specially crafted applets. Using this flaw, attackers can create malicious Web pages to bypass the default security restrictions and allow untrusted applets to elevate privileges when using Mac OS X specific extensions.

      The update also addresses an error that causes the same port to be opened as a Java ServerSocket multiple times, which could allow a Java program to intercept data intended for the ServerSocket of a different Java program.

      /zimages/6/28571.gifTo read about an Apple mega patch that plugged 20 Mac OS X holes, click here.

      Download locations for Java version 1.4.2_09 or 1.3.1_16 can be found at Apples support Web site.

      Sun Java System Application Server Flaw Patched

      Network computing giant Sun Microsystems Inc. has posted a patch for a file exposure vulnerability in the Sun Java System Application Server.

      Sun, based in Santa Clara, Calif., warned in an advisory that the flaw can be exploited by malicious people to disclose certain sensitive information.

      The vulnerability was described as an error in the directory listing feature when a deployed Web application created for the Sun Java System Application Server contains “jar” files.

      Attackers could exploit the hole to view the contents of these “jar” files.

      Affected products include the Sun Java System Application Server Platform Edition 8.1 2005 Q1, 8.1 2005 Q1 UR1 and the Sun Java System Application Server Enterprise Edition 8.1 2005 Q1.

      Users are urged to apply the appropriate vendor patches.

      Multiple Linksys WRT54G Router Vulnerabilities

      A private security research firm has issued a warning for multiple security vulnerabilities in the popular Linksys WRT54G router.

      iDefense Inc., the company that reported to flaw to the Cisco System Inc.s Linksys unit, said the flaws can exploited by attackers to bypass security policies, cause a denial of service crash or execute arbitrary commands.

      The flaws affect Linksys WRT54G firmware versions prior to 4.20.7.

      According to iDefense, an error in the “ezconfig.asp” script that does not properly validate the “do_auth” parameter could open the door for an attacker on the LAN (local area network) to modify the configuration of the affected router.

      A second bug is due to an input validation error in the “apply.cgi” script that does not properly handle an overly long POST parameter.

      This could be exploited by malicious hackers on the LAN to cause a buffer overflow and execute arbitrary commands on the affected router with root privileges.

      Linksys WRT54G router users are urged to update to firmware version 4.20.7. Download locations have been added to the iDefense advisory.

      /zimages/6/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Ryan Naraine

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×