Apple today released Java for Mac OS X 10.5 Update 2 with patches for a total of 25 documented security flaws that could expose Mac users to malicious code execution attacks.
Two of the 25 flaws are specific to Apple and could be exploited to launch drive-by attacks if a Mac user is tricked into visiting a maliciously rigged Web page.
The two bugs, which affect Mac OS X v10.5.4 and Mac OS X Server v10.5.4, are:
- CVE-2008-3638: The Java plug-in does not block applets from launching file:// URLs. Visiting a website containing a maliciously crafted Java applet may allow a remote attacker to launch local files, which may lead to arbitrary code execution. This update addresses the issue through improved handling of URLs. This is an Apple-specific issue. Credit to Nitesh Dhanjani and Billy Rios for reporting this issue.
- CVE-2008-3637: An error checking issue leading to the use of an uninitialized variable exists in the Hash-based Message Authentication Code (HMAC) provider used for generating MD5 and SHA-1 hashes. Visiting a website containing a maliciously crafted Java applet may lead to arbitrary code execution. This update addresses the issue through improved error handling. This is an Apple-specific issue. Credit to Radim Marek for reporting this issue.
The mega update also addresses multiple serious vulnerabilities in Java 1.4.2_16, Java 1.5.0_13 and Java 1.6.0_05.