Fixes for a number of serious vulnerabilities in the version of Java in Mac OS X 10.4 and 10.5 were released by Apple today – about six months after Sun Microsystems released updated packages for all other platforms that Sun supports, including Windows. Apple releases its own updated versions of Java for Mac OS X.
As Rich Mogull discussed in “Protect Yourself from the Mac OS X Java Vulnerability” (2009-05-20), the flaws could allow a Java applet on a malicious Web site to execute arbitrary code on your computer, among other vulnerabilities. To work around the problem, Rich explained how to disable Java in Safari and Firefox. Rich also chided Apple for leaving such a major hole unpatched for so long.
The Java updates can be retrieved via Software Update, or at Apple’s Support Download site. The updates are listed for the last or latest releases of Leopard and Tiger: Mac OS X 10.5.7 (158 MB) and Mac OS X 10.4.11 (80 MB). No restart is required, but all browsers should be quit before installing the updates.