If multiple systems belonging to different users enter this state, applications relying on this identity determination may erroneously extend trust.
If the user's AppleID certificate failed to validate, the user's AppleID was assumed to be the empty string. Impact: Authentication relying on certificate-based Apple ID authentication may be bypassedĭescription: An error handling issue existed in Identity Services. This issue was addressed by updating the EUC-JP mapping table. Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attackĭescription: A canonicalization issue existed in the handling of the EUC-JP encoding, which could lead to a cross-site scripting attack on EUC-JP encoded websites. This issue was addressed by removing JNLP files from the CoreTypes safe file type list, so the Web Start application will not be run unless the user opens it in the Downloads directory. Impact: Visiting a maliciously crafted website could allow a Java Web Start application to be launched automatically even if the Java plug-in is disabledĭescription: Java Web Start applications would run even if the Java plug-in was disabled. This issue was addressed by updating mod_hfs_apple to forbid access to URIs with ignorable Unicode character sequences.ĬVE-2013-0966 : Clint Ruoho of Laconic SecurityĪvailable for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2 Impact: An attacker may be able to access directories that are protected with HTTP authentication without knowing the correct credentialsĭescription: A canonicalization issue existed in the handling of URIs with ignorable Unicode character sequences.
#Java for mac os 10.8.3 mac os x#
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
0 kommentar(er)
