Apple plugs 17 holes in Java for Snow Leopard and Lion

“Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user”, Apple explained in its security update.

Apple said the update provides "improved compatibility, security and reliability" for the Mac operating systems.

Vulnerabilities in third-party components such as Java have been a growing concern for businesses, as patches can often be missed by users and administrators. Java poses a particular risk because the need for extensive testing by administrators can often leave computers exposed to vulnerabilities for extended periods.

In June, Apple addressed similar security issues in Java 1.6.0_24 and Java 1.5.0_28 for Leopard and Snow Leopard. Apple said it plugged “multiple vulnerabilities” in Java, “the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.”
 
