Cupertino addresses multiple vulnerabilities in Java 1.6.0_45

Jun 19, 2013 06:42 GMT

Apple has patched multiple vulnerabilities in Java 1.6.0_45 and has made this patch public with the release of Java for OS X 2013-004 and Java for Mac OS X v10.6 Update 16.

According to Apple’s Support site, Java for OS X 2013-004 supersedes all previous versions of Java for the Mac and “updates the Apple-provided system Java SE 6 to version 1.6.0_51 and is for OS X versions 10.7 or later.”

It adds, “This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a web page, click on the region labeled ‘Missing plug-in’ to go download the latest version of the Java applet plug-in from Oracle.”

The update further removes the Java Preferences application, “which is no longer required to configure applet settings,” Apple notes.

As far as Java for Mac OS X v10.6 Update 16 is concerned, the new version reportedly enables website-by-website control of the Java plug-in within Safari 5.1.9 and newer versions of the browser.

“This release updates the Apple-provided system Java SE 6 to version 1.6.0_51 for Mac OS X v10.6,” Apple reveals.

As usual, the Mac maker discloses the actual security issues behind this update in a separate advisory on its site.

Apple informs the public that Java 1.6.0_45 was chock-full of vulnerabilities, “the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.”

The bugs would be exploited by having the user visit a web page containing a maliciously crafted untrusted Java applet, which could “lead to arbitrary code execution with the privileges of the current user.”

By updating to Java version 1.6.0_51, Apple has addressed these issues. As is typical, the company provides full disclosure of the contents of these updates by directing customers to the Oracle site.
