Apple fixes old Java for Mac security holes

Apple fixes old Java for Mac security holes

Summary: The Java for Mac patch batch, available for Mac OS X 10.5 and Mac OS X 10.6, includes a fix for a vulnerability that's more than a year old.

SHARE:

Apple has released a Java for Mac update to fix about 30 documented vulnerabilities, including some that exposes Mac users to remote code execution attacks.

The Java for Mac patch batch, available for Mac OS X 10.5 and Mac OS X 10.6, includes a fix for a vulnerability that's more than a year old.

Here's the skinny from an Apple advisory:

  • Multiple vulnerabilities exist in Java 1.6.0_17, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
  • follow Ryan Naraine on twitter
  • Multiple vulnerabilities exist in Java 1.5.0_22, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
  • An out of bounds memory access issue exists in the handling of mediaLibImage objects. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to an unexpected application termination or arbitrary code execution with the privileges of the current user. This issue only affects the Mac OS X implementation of Java.
  • A signedness issue exists in the handling of window drawing. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to an unexpected application termination or arbitrary code execution with the privileges of the current user.

The Java for Mac updates are available via the Software Update pane in System Preferences or from Apple's Software Downloads site.

Topics: Software Development, Apple, Hardware, Open Source, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • The vulnerability might have existed for more than a year, but..

    ..Sun provided the fix way less than a year ago, so that's hardly fair.
    AzuMao
  • Quite Unfortunate...

    It's quite unfortunate that Apple, who makes a secure operating system that is free of viruses, has to work overtime to fix vulnerabilities in third party software like SUN JAVA...
    Trolleur
  • @Trolleur

    Apple chooses to use their own Java implementation. They could let Sun provide one, but they don't. Any effort they put out fixing Java is their responsibility. It's not unfortunate, it's Apple's responsibility stemming from their own decisions.

    Don't be too smug about OS X either. The fact that OS X has not been exploited on a large scale does not make it "a secure OS". OS X has holes, some well documented. Google the name Charlie Miller. What he has done, any malware writer could have done. No one has chosen to target the OS on a large scale, but that can change.
    use_what_works_4_U
  • RE: Apple fixes old Java for Mac security holes

    Great! !! thanks for sharing this information to us!
    <a href="http://www.yuregininsesi.com">sesli sohbet</a> <a href="http://www.yuregininsesi.com">sesli chat</a>
    efsane