Back to search

Apple Java security update for CVE-2013-1491

Severity CVSS Published Added Modified
10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) March 08, 2013 April 22, 2013 December 12, 2013

Description

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

Upgrade to Apple Java version 1.6.0.45

Upgrade your copy of Apple Java to 1.6.0.45 by selecting 'Software Update' from the Apple menu, or by using the softwareupdate utility.

Alternatively, Intel-based Macs running OS X 10.7.3 or later may download Java 7 directly from Oracle.

Related Vulnerabilities