Softpedia >News >Apple >Mac
Softpedia Homepage   

Apple Updates Java, Patches Numerous Vulns

Updates 4 and 9 for Leopard and Tiger deliver improved reliability, security, and compatibility

Jun 16, 2009 06:34 GMT  ·  By
Java update icon (Mac version)
   Java update icon (Mac version)

Apple has released Java updates for Mac OS X Tiger and Leopard, addressing security issues, while improving the reliability and compatibility with Sun Microsystems’ platform. PC users generally get the updates straight from the Java makers, while Mac owners need to wait for Apple to release its own set of updates for their respective OS.

“Java for Mac OS X 10.5 Update 4 delivers improved reliability, security, and compatibility for Java SE 6, J2SE 5.0 and J2SE 1.4.2 on Mac OS X 10.5.7 and later,” Apple explains on the Support section of its website. “This release updates Java SE 6 to version 1.6.0_13, J2SE 5.0 to version 1.5.0_19, and J2SE 1.4.2 to 1.4.2_21,” the description reads.

“Java for Mac OS X 10.4, Release 9 delivers improved reliability, security and compatibility for J2SE 5.0 and J2SE 1.4.2 on Mac OS X 10.4.11 and later,” the description for Tiger users goes. “This release updates J2SE 5.0 to version 1.5.0_19 and J2SE 1.4.2 to version 1.4.2_21.” Both Tiger and Leopard users updating Java on their Macs are required to quit all web browsers before installing this update.

As for the security side of the updates, Apple has posted additional documentation for those looking to learn exactly what holes have been patched. One of the vulnerabilities addressed by the update in Mac OS X Leopard Client and Server, which allows untrusted Java applets to obtain elevated privileges, is described as follows:

Description: Multiple vulnerabilities in the “Aqua Look and Feel for Java” implementation may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted Java applet may lead to arbitrary code execution with elevated privileges. This update addresses the issues by denying access to internal details of Aqua Look and Feel for untrusted Java applets. This issue only affects Java 1.5 on Mac OS X v10.5 systems. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

Full documentation on the patched holes can be found here (for Leopard) and here (for Tiger). Readers can use the link below to download their respective version of the Java Update immediately. Low bandwidth users should be patient as the hefty 160MB update downloads onto their hard drive.

Download Java for Mac OS X 10.5 Update 4/10.4 Release 9 (Free)