Apple ships fix for critical Java for Mac vulnerabilities

Apple has released a Java for Mac update to fix multiple security security vulnerabilities, some serious enough to expose Mac OS X users to remote code execution attacks.

Apple has released a Java for Mac update to fix multiple security security vulnerabilities, some serious enough to expose Mac OS X users to remote code execution attacks.

According to an Apple advisory, the most serious flaw could allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. This could cause computer takeover attacks if an unpatched user simply surfs to a maliciously rigged Web site.

The Java for Mac patch, available for Mac OS X v10.5.8, Mac OS X Server v10.5.8, addresses security holes in  Java 1.6.0_22 and Java 1.5.0_26.

follow Ryan Naraine on twitter

The raw details:

Multiple vulnerabilities exist in Java 1.6.0_22 and Java 1.5.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_24 and Java version 1.5.0_28.

Java for Mac OS X 10.5 Update 9 can be downloaded and installed via the Software Update preferences, or from Apple Downloads.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All