This article originally appeared in TidBITS on 2009-06-15 at 2:07 p.m.
The permanent URL for this article is: http://db.tidbits.com/article/10352

Apple Patches Nine-Month-Old Java Vulnerabilities

by Glenn Fleishman

Apple today released fixes for a number of serious vulnerabilities [1] in the version of Java in Mac OS X 10.4 and 10.5, about six months after Sun Microsystems released updated packages [2] for all other platforms that Sun supports, including Windows. Apple releases its own updated versions of Java for Mac OS X.

As Rich Mogull discussed in "Protect Yourself from the Mac OS X Java Vulnerability [3]" (2009-05-20), the vulnerabilities include one that could allow a Java applet on a malicious Web site to execute arbitrary code on your computer. To work around the problem, Rich explained how to disable Java in Safari and Firefox. Rich also chided Apple for leaving such a major hole unpatched for so long.

The Java updates can be retrieved via Software Update or from Apple's Support Download site. The updates are listed for the latest release of Leopard and the last release of Tiger: Mac OS X 10.5.7 [4] (158 MB) and Mac OS X 10.4.11 [5] (80 MB). No restart is required, but all browsers should be quit before installing the updates.

[1]: http://support.apple.com/kb/HT3179
[2]: http://www.java.com/en/download/manual.jsp
[3]: http://db.tidbits.com/article/10292
[4]: http://support.apple.com/downloads/Java_for_Mac_OS_X_10_5_Update_4
[5]: http://support.apple.com/downloads/Java_for_Mac_OS_X_10_4__Release_9