Critical Vulnerability in Mac OS X
19 June 2009
FastFacts
- Who: Faculty, Staff, Students (Mac Users Only)
- What: Vulnerability in the OS X operating system
- Client Action: Download and install the latest update via Software Update
CRITICAL: Apple Mac OS X Java Pointer Dereference Remote Code Execution Vulnerability
Affected:
- Apple Mac OS X 10.5.7
- Apple Mac OS X 10.5.6
- Apple Mac OS X 10.5.5
- Apple Mac OS X 10.5.4
- Apple Mac OS X 10.5.3
- Apple Mac OS X 10.5.2
- Apple Mac OS X 10.5.1
- Apple Mac OS X 10.5
Description: The Java Runtime Environment installed by default on Apple Mac OS X contains a remote code execution vulnerability. The flaw is caused by improper validation of input to the "apple.laf.CColourUIResource" constructor. The first argument to this constructor, a long integer, is interpreted as a pointer to a C object. Successful exploitation may allow an attacker to execute arbitrary code on vulnerable installations with the privileges of the logged-on user. To carry out the attack, the attacker must entice the user to visit a malicious page.
Status: Vendor confirmed, updates available (Download and install the latest update via Software Update).
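The bug class in the Description, as an added C example that is not Apple's code and not part of the original advisory: a caller-supplied integer trusted as an object address, next to a handle table that only resolves tokens the native side issued. The struct, function names and token layout are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical native peer object; not Apple's actual structure. */
struct color { int r, g, b, a; };

/* Unsafe pattern from the advisory: a caller-supplied long is trusted as
 * the address of a native object. Shown for contrast, never called here. */
int color_red_unsafe(int64_t handle) {
    const struct color *c = (const struct color *)(intptr_t)handle;
    return c->r; /* the caller chooses the address being read */
}

/* Hardened pattern: the handle is an opaque token, used only to look up
 * an object that the native side allocated itself. */
#define MAX_COLORS 16
static struct { struct color obj; uint32_t gen; int live; } table[MAX_COLORS];

/* Token layout (assumed): high 32 bits generation, low 32 bits slot index. */
int64_t color_create(int r, int g, int b, int a) {
    for (uint32_t i = 0; i < MAX_COLORS; i++) {
        if (table[i].live) continue;
        table[i].obj = (struct color){ r, g, b, a };
        table[i].live = 1;
        table[i].gen++;
        return ((int64_t)table[i].gen << 32) | i;
    }
    return -1; /* table full */
}

/* Returns NULL for any token that does not name a live object. */
const struct color *color_lookup(int64_t handle) {
    uint32_t idx = (uint32_t)(handle & 0xffffffff);
    uint32_t gen = (uint32_t)((uint64_t)handle >> 32);
    if (handle < 0 || idx >= MAX_COLORS) return NULL;
    if (!table[idx].live || table[idx].gen != gen) return NULL;
    return &table[idx].obj;
}

void color_destroy(int64_t handle) {
    if (color_lookup(handle)) table[handle & 0xffffffff].live = 0;
}

int main(void) {
    int64_t h = color_create(10, 20, 30, 255);
    printf("issued token: %s\n", color_lookup(h) ? "object" : "rejected");
    printf("forged value: %s\n", color_lookup(0x41414141) ? "object" : "rejected");
    return 0;
}
```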
If you have questions or need more information, contact 6-TECH at (336) 256-TECH (8324) or 6-TECH@uncg.edu.

