Apple releases Java updates
Apple has released security updates for Java for Mac OS X 10.6 and 10.5, finally bringing its two latest operating systems up to date. The updates include Java 6 Update 17 from early November and patch a number of well-known vulnerabilities. These include various buffer and integer overflows triggered by crafted audio and image files, which can be exploited by Java applets.
A vulnerability in 'Java Web Start' applications to escalate their privileges and allow system infection has been addressed and a vulnerability in the Java Runtime Environment Deployment Toolkit allows websites to inject and execute code. Additionally, Java update for Mac OS X 10.5 Update 6 disables Java 1.4.2 as it is no longer being updated.
The updates are available on Apple's Software Update service. Alternatively, Java for Mac OS X 10.6 Update 1 is available to download for Mac OS X 10.6.2 or later. Java for Mac OS X 10.5 Update 6 is available to download for Mac OS X 10.5.8 or later. All users are advised to update.
See also:
- About the security content of Java for Mac OS X 10.6 Update 1, security advisory from Apple.
- About the security content of Java for Mac OS X 10.5 Update 6, security advisory from Apple.
- Java 6 Update 17 fixes multiple security vulnerabilities, a report from The H.
(crve)