Apple ships fix for critical Java for Mac vulnerabilities

Summary: Apple has released a Java for Mac update to fix multiple security vulnerabilities, some serious enough to expose Mac OS X users to remote code execution attacks.

According to an Apple advisory, the most serious flaw could allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. This could enable computer takeover attacks if a user on an unpatched system simply surfs to a maliciously rigged Web site.

The Java for Mac patch, available for Mac OS X v10.5.8 and Mac OS X Server v10.5.8, addresses security holes in Java 1.6.0_22 and Java 1.5.0_26.

The raw details:

Multiple vulnerabilities exist in Java 1.6.0_22 and Java 1.5.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_24 and Java version 1.5.0_28.

Java for Mac OS X 10.5 Update 9 can be downloaded and installed via the Software Update preferences, or from Apple Downloads.
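To confirm which machines still need this update, the version numbers in the advisory can be turned into an inventory check. The following is an added example, not code from Apple or from the original article: it parses the first line of `java -version` output and compares the update number numerically against the fixed releases named above (1.6.0_24 and 1.5.0_28). The host names and the sample inventory are constructed for illustration.

```python
import re

# Fixed releases named in the advisory text, keyed by Java family.
FIXED_UPDATE = {(1, 6, 0): 24, (1, 5, 0): 28}

# Matches the banner printed by `java -version`, e.g. java version "1.6.0_22"
VERSION_RE = re.compile(r'version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_java_version(banner):
    """Return ((major, minor, micro), update), or None if unparseable."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    family = tuple(int(g) for g in m.group(1, 2, 3))
    update = int(m.group(4)) if m.group(4) else 0
    return family, update


def classify(banner):
    """Return 'patched', 'needs_update', or 'unknown' for one banner."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unknown"
    family, update = parsed
    if family not in FIXED_UPDATE:
        return "unknown"  # family not covered by this advisory
    # Compare as integers: as strings, "9" would sort after "24".
    return "patched" if update >= FIXED_UPDATE[family] else "needs_update"


def hosts_needing_update(inventory):
    """Return the sorted host names whose banner is below the fixed release."""
    return sorted(h for h, b in inventory.items() if classify(b) == "needs_update")


# Constructed sample inventory (hypothetical host names and banners).
SAMPLE_INVENTORY = {
    "mac-design-01": 'java version "1.6.0_22"',
    "mac-design-02": 'java version "1.6.0_24"',
    "xserve-build": 'java version "1.5.0_26"',
    "mac-lab-07": 'java version "1.5.0_28"',
    "mac-old-03": 'java version "1.6.0_9"',
    "mac-kiosk": "java: command not found",
}

if __name__ == "__main__":
    for host in hosts_needing_update(SAMPLE_INVENTORY):
        print(host, "needs Java for Mac OS X 10.5 Update 9")
```

Hosts reported as `unknown` (no parseable banner, or a Java family the advisory does not mention) need a manual look rather than being counted as patched.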

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
