Apple finally patches musty old Java for Mac vulnerabilities

Apple has finally released a Java for Mac update to fix multiple security flaws that were patched upstream more than six months ago.

The fix comes three weeks after developers released proof-of-concept code to demonstrate the severity of the flaw and to nudge (embarrass) Apple into shipping the patch.

[ SEE: Mac OS X vulnerable to 6-month old Java flaw ]

Today's patch covers the following:

  • Multiple vulnerabilities exist in Java 1.5.0_16, the most serious of which may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating Java 1.5 to version 1.5.0_19.
  • Multiple vulnerabilities exist in Java 1.4.2_18, the most serious of which may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating Java 1.4 to version 1.4.2_21. Further information is available via the Sun Java website.

Because of licensing and other hiccups, Apple will always be late with its Java for Mac updates. Perhaps it's time for Sun to merge the Mac Runtime for Java with the standard Java codebase and ship Java for Mac themselves.

Thoughts?

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
