Alert GCSA-12066 - APPLE-SA-2012-10-16-1 Java for OS X 2012-006 and
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-12066
Date : 19 October 2012
Title : APPLE-SA-2012-10-16-1 Java for OS X 2012-006 and Java for Mac OS X 10.6 Update 11
******************************************************************
:: Problem description
Several vulnerabilities have been found in Java 1.6.0_35 for Mac OS X,
the most serious of which could allow untrusted Java applets
to execute arbitrary code
while the user browses crafted web pages.
:: Affected software
OS X Lion v10.7
OS X Lion Server v10.7
OS X Mountain Lion 10.8
Mac OS X v10.6.8
Mac OS X Server v10.6.8
:: Impact
Security Bypass
Privilege escalation
Denial of Service
System access
Exposure of sensitive information
:: Solution
Update to Java SE 6 version 1.6.0_37
The upgrade can be installed through the
Software Update pane in System Preferences,
or from the Apple website:
http://www.apple.com/support/downloads/
Mac OS X: Updating your software
http://support.apple.com/kb/HT1338
If you do not use Java applets, it is advisable
to disable the Java web plug-in in the browser.
For more information on how to disable
Java in Safari, see the following page:
http://support.apple.com/kb/HT5241
:: References
Apple - Java for OS X 2012-006
http://support.apple.com/kb/DL1572
Apple security updates
http://support.apple.com/kb/HT1222
Oracle Update Release Notes
http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5089
-----BEGIN PGP SIGNATURE-----
iD8DBQFQgTH1wZxMk2USYEIRAou3AKDWqUrNPuIOfcU985dH2ku7ubnnxQCfcQSI
U/3FyhJvi1w3+Kk373LtNyg=
=Pqyo
-----END PGP SIGNATURE-----