Apple ships fix for critical Java for Mac vulnerabilities

Apple ships fix for critical Java for Mac vulnerabilities

Summary: Apple has released a Java for Mac update to fix multiple security security vulnerabilities, some serious enough to expose Mac OS X users to remote code execution attacks.

SHARE:

Apple has released a Java for Mac update to fix multiple security security vulnerabilities, some serious enough to expose Mac OS X users to remote code execution attacks.

According to an Apple advisory, the most serious flaw could allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. This could cause computer takeover attacks if an unpatched user simply surfs to a maliciously rigged Web site.

The Java for Mac patch, available for Mac OS X v10.5.8, Mac OS X Server v10.5.8, addresses security holes in  Java 1.6.0_22 and Java 1.5.0_26.follow Ryan Naraine on twitter

The raw details:

Multiple vulnerabilities exist in Java 1.6.0_22 and Java 1.5.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_24 and Java version 1.5.0_28.

Java for Mac OS X 10.5 Update 9 can be downloaded and installed via the Software Update preferences, or from Apple Downloads.

Topics: Apple, Hardware, Open Source, Software Development

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

13 comments
Log in or register to join the discussion
  • Ahhh the benefits of using a 6 year old computer

    Nobody cares enough to target me.

    G5 for life!
    Tigertank
    • RE: Apple ships fix for critical Java for Mac vulnerabilities

      @Tigertank
      Does that mean I should start using my Dual 800 Mhz G4 again? I wonder if anyone is targeting those?
      Rick_K
      • RE: Apple ships fix for critical Java for Mac vulnerabilities

        @Rick_K <h2 style="color:#fff;font-family:Verdana,sans-serif;font-size:12px;"><a href="http://www.paperstyle.com/is-bin/Christmas-Cards.html">Christmas Cards</a></h2>
        mldriggs
      • RE: Apple ships fix for critical Java for Mac vulnerabilities

        @seolair Your obsession with Mac bashing is sad. Besides, Steve just left us. Show some respect and store your little cry baby rants in a <a href="http://www.storagepost.com/locations/new-york/queens/">queens self storage</a> or a <a href="http://www.storagepost.com/locations/new-york/bronx">bronx self storage</a> unit.
        jordanholland23
    • Older is better?

      Well I have learned one thing in working with computers.
      If you want to be safe, use what everyone else does not.
      Malware people target the biggest user base. Java to me has become worse of a problem then Flash or Adobe reader.
      jscott418-22447200638980614791982928182376
    • RE: Apple ships fix for critical Java for Mac vulnerabilities

      <h2 style="color:#000;font-family:Verdana,sans-serif;font-size:12px;">@Tigertank I'm right there with you, man. <a href="https://www.navyfederal.org/
      ">air force credit union
      </a></h2>
      serpkind
  • Methinks the blogger needs a flossing of the eyes...

    There seems to be a patch for java for up to Snow Leopard. It's either that or they need to drink more and more regularly :P
    ego.sum.stig
  • Why Java is such a problem

    Seems to me Java has more issues then anything else lately. Why they don't get more bad press is my question. We seem to dwell on Flash and Adobe Reader. How come Steve does not lash out at Java like he did with Flash?
    jscott418-22447200638980614791982928182376
  • RE: Apple ships fix for critical Java for Mac vulnerabilities

    Why the double standard. If they are stopping support of Flash over vulnerabilties and speed issues then should also ban Java because it is worse.
    Mythos7
    • RE: Apple ships fix for critical Java for Mac vulnerabilities

      @Mythos7 Because Java is actually used for real applications, whereas flash is just about videos.
      snoop0x7b
  • RE: Apple ships fix for critical Java for Mac vulnerabilities

    I was never a mac person...this post actually made my day!
    <a href="http://www.carters.com/Pajamas/carters-pajamas,default,sc.html">baby pajamas</a> | <a href="http://www.carters.com/Pajamas/carters-pajamas,default,sc.html">kids pajamas</a>
    Izzy Mass
  • RE: Apple ships fix for critical Java for Mac vulnerabilities

    I thought Macs never got hacked?!?! Anyway head over to this <a href="http://www.seolair.com/">SEO Blog</a> and learn about advanced search engine optimization techniques.
    seolair
  • RE: Apple ships fix for critical Java for Mac vulnerabilities

    @seolair

    Your obsession with Mac bashing is sad. Besides, Steve just left us. Show some respect and store your little cry baby rants in a <a href="http://www.storagepost.com/locations/new-york/queens/">queens self storage</a> or a <a href="http://www.storagepost.com/locations/new-york/bronx">bronx self storage</a> unit.
    jordanholland23