Apple Security Advisory 2013-06-18-1 - Java for OS X 2013-004 and Mac OS X v10.6 Update 16 are now available and addresses multiple vulnerabilities that include arbitrary code execution issues.
f8e9f7d76bd910c50d277b999c12859be24a831c1a38b126a92577609223f014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-06-18-1 Java for OS X 2013-004 and
Mac OS X v10.6 Update 16
Java for OS X 2013-004 and Mac OS X v10.6 Update 16 is now available
and addresses the following:
Java
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 or later, OS X Lion Server v10.7 or later,
OS X Mountain Lion 10.8 or later
Impact: Multiple vulnerabilities in Java 1.6.0_45
Description: 8011782 Multiple vulnerabilities existed in Java
1.6.0_45, the most serious of which may allow an untrusted Java
applet to execute arbitrary code outside the Java sandbox. Visiting a
web page containing a maliciously crafted untrusted Java applet may
lead to arbitrary code execution with the privileges of the current
user. These issues were addressed by updating to Java version
1.6.0_51. Further information is available via the Java website at ht
tp://www.oracle.com/technetwork/java/javase/releasenotes-136954.html
CVE-ID
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2437
CVE-2013-2442
CVE-2013-2443
CVE-2013-2444
CVE-2013-2445
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2451
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2461
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2466
CVE-2013-2468
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3743
CVE_2013-2445
Java for OS X 2013-004 and Mac OS X v10.6 Update 16
may be obtained from the Software Update pane in System Preferences,
Mac App Store, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
For Mac OS X v10.6 systems
The download file is named: JavaForMacOSX10.6.Update16.dmg
Its SHA-1 digest is: a6b5a9caa3c0d9acf743da8e4c0e5cfe4e471b01
For OS X Lion and Mountain Lion systems
The download file is named: JavaForOSX2013-004.dmg
Its SHA-1 digest is: 153c3f74d5285d10008fce2004d904da8d2ffdff
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJRwL5AAAoJEPefwLHPlZEwju0QALM1IST/ATt2xR1L0AQcaZRX
eiM07MlvAlE9Jv45xqKLUezRU8XQT6+glN51/hBhpyCa8MJIzPiSnnOIAW+vbA5o
RjXQTGPGT1IPSfEk7OWS++566riMLmTOvg45Qn0E/ibOqJHpfrR4wzQX5jpv7lzH
EbdKxn+KWfHCF2y/2LCFifDHUBPCjUlbWTRznDCYVHsFbtDiP/vAZiSXsNJtLTXK
UOD/eGbel2PEqWOOsUNIrzwvztRB+LsYT4xKQQnsEKJqoyMch/UgB1Uo2jgEPn0U
YP3WZbjbDV+UcM+yMoCV/qDFhbJ+qBxTbuwYOHuSDpgqJ7vF8s0cdUUb6U7QLW4/
3ykC7vOUS/JqYkiqwUxuKVpzSUYXrlez36sQuwCR9AOGCJ/0/MwM8QPavFAdGisP
36ZavJ4k2Dp2CfVmWjexpWY7XN9M36Lh57XChxQk9TcbjUJRrqNadlPyzaja3G9a
95Dq1N1dYfLuFm4MtyeDA0xQl8m8ljnSxH3TQoDcTwvvWGIGdG7EEVpdQqM/MTWY
CY2EqMkY3Gouet+QvECYwxOz+g0hcaJd973kSM+5AJ7tVfod93NDW3P13k2cfdTC
uo9IgGkhuNY40NuLpJLtTwlHcTCwBtKPt0BLwXugZdoDrgz1j8Q+fLuASSTkUQxl
3t9MUCG40o5ZQFyWqV1+
=zFXN
-----END PGP SIGNATURE-----