
Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Apple ships fix for critical Java for Mac vulnerabilities

By | March 8, 2011, 2:07pm PST

Summary: Apple has released a Java for Mac update to fix multiple security vulnerabilities, some serious enough to expose Mac OS X users to remote code execution attacks.


According to an Apple advisory, the most serious flaw could allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. This could enable computer takeover attacks if a user running an unpatched system simply surfs to a maliciously rigged Web site.

The Java for Mac patch, available for Mac OS X v10.5.8 and Mac OS X Server v10.5.8, addresses security holes in Java 1.6.0_22 and Java 1.5.0_26.

The raw details:

Multiple vulnerabilities exist in Java 1.6.0_22 and Java 1.5.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_24 and Java version 1.5.0_28.

Java for Mac OS X 10.5 Update 9 can be downloaded and installed via the Software Update preferences, or from Apple Downloads.


Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.



RE: Apple ships fix for critical Java for Mac vulnerabilities
jordanholland23 18th Oct
@seolair Your obsession with Mac bashing is sad. Besides, Steve just left us. Show some respect and store your little cry baby rants in a queens self storage or a bronx self storage unit.
Nobody cares enough to target me.

G5 for life!
@Tigertank
Does that mean I should start using my Dual 800 MHz G4 again? I wonder if anyone is targeting those?
@Rick_K Christmas Cards
Older is better?
jscott418 9th Mar 2011
Well I have learned one thing in working with computers.
If you want to be safe, use what everyone else does not.
Malware people target the biggest user base. Java to me has become worse of a problem than Flash or Adobe Reader.
@Tigertank I'm right there with you, man. air force credit union
There seems to be a patch for java for up to Snow Leopard. It's either that or they need to drink more and more regularly :P
Why Java is such a problem
jscott418 9th Mar 2011
Seems to me Java has more issues than anything else lately. Why they don't get more bad press is my question. We seem to dwell on Flash and Adobe Reader. How come Steve does not lash out at Java like he did with Flash?
Why the double standard? If they are stopping support of Flash over vulnerabilities and speed issues then they should also ban Java because it is worse.
@Mythos7 Because Java is actually used for real applications, whereas flash is just about videos.
I was never a mac person...this post actually made my day!
baby pajamas | kids pajamas
I thought Macs never got hacked?!?! Anyway head over to this SEO Blog and learn about advanced search engine optimization techniques.