Apple brings Java up to date

Stephen Withers
Friday, 04 December 2009 02:53

Business IT - Security

Apple has released updates for its versions of Java for Mac OS X 10.6 and 10.5.

Sun manages Java development for Windows, Linux and Solaris, but Apple takes care of the Mac implementation. Consequently, Java for Mac OS X tends to be behind the curve.

With the release of Mac OS X 10.6 Update 1 and Java for Mac OS X 10.5 Update 6, Apple has caught up with Java Version 6 Update 17. The updates leapfrog Update 16, which was not released for Mac OS X.

Java for Mac OS X 10.6 Update 1 includes fixes for multiple vulnerabilities found in Java Version 6 Update 15, including a privilege escalation issue that could allow an applet in a web page to gain the privileges of the current user. If the user has administrator privileges, that could lead to serious problems.

Java for Mac OS X 10.5 Update 6 also delivers Java Version 6 Update 15, along with Java Version 5 Update 20 which fixes a similar set of vulnerabilities. It also patches Java Version 4 to Update 20 (again fixing privilege escalation problems)

Both updates also improve the handling of expired certificates so they are not treated as valid.

The relevant updates can be installed via Software Update or downloaded from Software Downloads.

A restart is required after installation.