Apple fixes Java flaws in Leopard and Snow Leopard

The updates are available for Java 1.6.0_28 and Java 1.5.0_28 for OS X 10.5 Leopard and Java 1.6.0_24 for OS X 10.6 Snow Leopard.

For both the Leopard and Snow Leopard updates, Apple explained that “multiple vulnerabilities exist” in Java 1.6.0_24 and Java 1.5.0_28, “the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.”

The Java security updates come on the heels of major security updates for Mac OS X announced over the weekend. Apple fixed 40 security flaws and this may be the last security update for its Snow Leopard version of the operating system. Apple has also issued security updates for its Mac OS X Snow Leopard Server edition, now at version 10.6.8. Apple’s new Lion OS is expected to be available at some point in July.

In March, Apple plugged 22 security flaws in Java for Leopard and Snow Leopard. The same reason was given for patching the most serious flaws: “Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user”, it said.

The current Java updates can be downloaded and installed via Software Update preferences or from Apple Downloads.

 
