Apple has released a security update for Mac OS X 10.5 and Mac OS X 10.6 that fixes security vulnerabilities in Java for Mac, including a vulnerability that is more than a year old. The update is available through the software update pane in System Preferences or on Apple’s website. Here’s a summary of some of the vulnerabilities that are fixed:
- In Java 1.6.0_17 and 1.5.0_22, the most serious vulnerability allows a Java applet to execute arbitrary code outside the Java sandbox.
- There is an issue in the handling of mediaLibImage objects. A maliciously crafted Java applet can lead to unexpected application termination or arbitrary code execution.
- An issue in the handling of window drawing allows a maliciously crafted applet to terminate applications or execute code.
Via ZDNet, image via ZDNet.