Apple releases Java security updates
Apple has issued Java updates for versions 10.5 Leopard and 10.6 Snow Leopard of its Mac OS X operating system, patching a number of security holes and bringing its two latest versions of OS X up to date. The updates include Java SE 6 Update 24 from the middle of February, which addressed a floating point vulnerability that affected Java.
Update 4 for Mac OS X 10.6 fixes 16 vulnerabilities, while Update 9 for Mac OS X 10.5 closes 27 holes. According to Apple, many of the issues could allow an untrusted Java applet to execute arbitrary code outside the Java sandbox when visiting a malicious web page. Java for Mac OS X 10.6 Update 4 requires version 10.6.4 or later and Java for Mac OS X 10.5 Update 9 requires 10.5.8 or later.
More details about the updates, including a full list of closed vulnerabilities, can be found in Apple's security advisories. The updates can be downloaded via Apple's built-in Software Update service. Alternatively, Java for Mac OS X 10.5 Update 9 and Java for Mac OS X 10.6 Update 4 are available to download from Apple's web site. All users are advised to update as soon as possible.
See also:
- About the security content of Java for Mac OS X 10.6 Update 4, security advisory from Apple.
- About the security content of Java for Mac OS X 10.5 Update 9, security advisory from Apple.
- Hackers versus Apple, a feature from The H.
(crve)