Apple catches up with Java security updates
Apple has released Java updates for versions 10.5 and 10.6 of Mac OS X, patching a number of security holes and bringing its two latest versions of OS X up to date. The updates include Java 6 Update 20 from mid-April, which patched a remotely exploitable security vulnerability that affected Java when running in a 32-bit web browser.
The Java for Mac OS X updates also include other previously missing Java 6 updates, including Java 6 Update 18 which included more than 350 bug fixes and added support for Windows 7, as well as Ubuntu 8.04 LTS Desktop Edition, SUSE Linux Enterprise Server 11 and Red Hat Enterprise Linux 5.3. Java 6 Update 19 from the end of March addressed a total of 26 vulnerabilities, some of which were rated as critical. Previously, the latest versions of Mac OS X were only updated to Java 6 Update 17, released in early December.
More details about the updates, including a full list of closed vulnerabilities, can be found in Apple's security advisories. The updates are available via Apple's built-in Software Update service. Alternatively, Java for Mac OS X 10.5 Update 7 and Java for Mac OS X 10.6 Update 2 are available to download from Apple's web site. All users are advised to update as soon as possible.
- About the security content of Java for Mac OS X 10.6 Update 2, security advisory from Apple.
- About the security content of Java for Mac OS X 10.5 Update 7, security advisory from Apple.
- Apple patch closes Pwn2Own hole in Mac OS X, a report from The H.
- Apple releases Mac OS X 10.6.3 update, a report from The H.