Apple plugs Java flaws in Leopard and Snow Leopard updates

Apple said that Java for Mac OS X 10.6 Update 4 improves compatibility, security, and reliability by updating Java SE 6 to 1.6.0_24. The update is only for Mac OS X v10.6.4 or later versions, Apple added.

In addition, Java for Mac OS X 10.5 Update 9 boosts compatibility, security, and reliability by updating J2SE 5.0 to 1.5.0_28 and updating Java SE 6 to 1.6.0_24 for 64-bit capable Intel-based Macs. Apple said that J2SE 1.4.2 is no longer being updated to fix bugs or security issues and remains disabled by default in the update.

The most serious vulnerability being plugged by both updates would enable an untrusted Java applet to execute arbitrary code outside the Java sandbox.

“Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user”, Apple said in its security update.

The security issues are addressed by updating to Java version 1.6.0_24, Apple added.
