Apple patches critical Java for Mac, Mac OS X security holes

Apple has shipped a high-priority Java for Mac update to cover multiple security vulnerabilities that expose Mac OS X users to hacking attacks.

Apple has shipped a high-priority Java for Mac update to cover multiple security vulnerabilities that expose Mac OS X users to hacking attacks.

According to warnings from Apple, the vulnerabilities could allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.

The risks:

Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.

The updates are available for Mac OS X v10.6.6 and Mac OS X v10.5.8.

follow Ryan Naraine on twitter

The Java for Mac patches follows the weekend release of a major Mac OS X security update to cover major security holes.

Some of the Mac OS X security holes could lead to remote code execution via rigged fonts or PDF files. The components affected by critical vulnerabilities include ATS, ColorSync, CoreFoundation, CoreGraphics, ImageIO.

Apple also warned about security flaws in MobileMe, MySQL, OpenSSL, QuickLook and QuickTime.