Apple has released the latest versions of J2SE 5.0 (1.5.0_22) and Java SE 6 (1.6.0_17) for Mac OS X 10.5 Leopard, improving their reliability and security. The update supersedes all prior Java for Mac OS X updates.
The update addresses multiple security vulnerabilities that could enable an untrusted Java applet on a maliciously crafted Web site to obtain elevated user privileges and execute arbitrary code. A vulnerability that caused expired Java applet certificates to be treated as valid has also been addressed. Details regarding the security aspects of this update are available on Apple’s Web site.
Java 1.4.2_22, which is no longer being updated, is also vulnerable to these issues and has thus been disabled by default in this update.
The update requires Mac OS X 10.5.8, supports both Intel-based and PowerPC-based Macs (though Java SE 6 is available only on 64-bit Intel-based Macs), and is available via Software Update or the Apple Support Downloads page. (Free, 122 MB)