Apple finally patches musty old Java for Mac vulnerabilities

Written by Ryan Naraine, Contributor

Apple has finally released a Java for Mac update to fix multiple security flaws that were patched upstream more than six months ago.

The fix comes three weeks after developers released proof-of-concept code to demonstrate the severity of the flaw and to nudge, or embarrass, Apple into shipping the patch.

Today's patch covers the following:

  • Multiple vulnerabilities exist in Java 1.5.0_16, the most serious of which may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating Java 1.5 to version 1.5.0_19.
  • Multiple vulnerabilities exist in Java 1.4.2_18, the most serious of which may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating Java 1.4 to version 1.4.2_21. Further information is available via the Sun Java website.

Because of licensing and other hiccups, Apple will always be late with its Java for Mac updates. Perhaps it's time for Sun to merge the Mac Runtime for Java with the standard Java codebase and ship Java for Mac themselves.

Thoughts?