Sun acknowledged that multiple buffer and integer overflow vulnerabilities in the Java Runtime Environment's processing of audio and image files may allow an untrusted applet or Java Web Start application to escalate privileges. The advisory was posted here.
Handler Mark Hofman posted a one-liner on 3 Dec 2009 on the release of an Apple Java update, APPLE-SA-2009-12-03-1 & 2 (for 10.5 and 10.6), that fixed a number of issues. Sun had released a Java update for all platforms (Windows, Solaris and Linux). It is a good time to patch for this vulnerability because exploit code has been made public. For now, browsers on unpatched systems will crash, but that could soon change.
You can find the Windows, Solaris and Linux update here.
You can find the Apple update here.
----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org
Dec 5th 2009