Apple Patches 15 Java for Mac Security Flaws

Apple today released a new version of Java for Mac to plug a total of 15 documented security vulnerabilities that could lead to remote code execution attacks via rigged Web pages.
The Java for Mac OS X 10.5 Update 5 includes patches for security holes covered by Sun Microsystems last month.

Apple today released a new version of Java for Mac to plug a total of 15 documented security vulnerabilities that could lead to remote code execution attacks via rigged Web pages.

The Java for Mac OS X 10.5 Update 5 includes patches for security holes covered by Sun Microsystems last month.

From Apple’s advisory:

  • Multiple vulnerabilities exist in Java 1.6.0_13, the most serious of which may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
  • Multiple vulnerabilities exist in Java 1.5.0_19, the most serious of which may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
  • Multiple vulnerabilities exist in Java 1.4.2_21, the most serious of which may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
  • A stack buffer overflow exists in Java Web Start command launcher. Launching a maliciously crafted Java Web Start application may lead to an unexpected application termination or arbitrary code execution.

Java for Mac OS X 10.5 Update 5 is available via the Software Update pane in System Preferences, or Apple’s Software Downloads Web site.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.