Business
Apple plugs 15 Java for Mac security holes
Apple today released a new version of Java for Mac to plug a total of 15 documented security vulnerabilities that could lead to remote code execution attacks via rigged Web pages.
![ryan-naraine.jpg](https://www.zdnet.com/a/img/resize/58705b1ab848cb0209d7d7d504dffaab176d93aa/2014/07/22/4b4e2273-1175-11e4-9732-00505685119a/ryan-naraine.jpg?auto=webp&fit=crop&frame=1&height=192&width=192)
The Java for Mac OS X 10.5 Update 5 includes patches for security holes covered by Sun Microsystems last month.
From Apple's advisory:
- Multiple vulnerabilities exist in Java 1.6.0_13, the most serious of which may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
- Multiple vulnerabilities exist in Java 1.5.0_19, the most serious of which may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
- Multiple vulnerabilities exist in Java 1.4.2_21, the most serious of which may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
- A stack buffer overflow exists in Java Web Start command launcher. Launching a maliciously crafted Java Web Start application may lead to an unexpected application termination or arbitrary code execution.
Java for Mac OS X 10.5 Update 5 is available via the Software Update pane in System Preferences, or Apple's Software Downloads Web site.