Apple fixes old Java for Mac security holes

Summary: The Java for Mac patch batch, available for Mac OS X 10.5 and Mac OS X 10.6, includes a fix for a vulnerability that's more than a year old.

Apple has released a Java for Mac update to fix about 30 documented vulnerabilities, including some that expose Mac users to remote code execution attacks.

The Java for Mac patch batch, available for Mac OS X 10.5 and Mac OS X 10.6, includes a fix for a vulnerability that's more than a year old.

Here's the skinny from an Apple advisory:

  • Multiple vulnerabilities exist in Java 1.6.0_17, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
  • Multiple vulnerabilities exist in Java 1.5.0_22, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
  • An out of bounds memory access issue exists in the handling of mediaLibImage objects. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to an unexpected application termination or arbitrary code execution with the privileges of the current user. This issue only affects the Mac OS X implementation of Java.
  • A signedness issue exists in the handling of window drawing. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to an unexpected application termination or arbitrary code execution with the privileges of the current user.

The Java for Mac updates are available via the Software Update pane in System Preferences or from Apple's Software Downloads site.


About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
