Apple Releases Java Updates Addressing Critical Vulnerabilities

Apple today released updated versions of its Java for OS X for both OS X 10.5 Leopard and OS X 10.4 Tiger. The updates address several vulnerabilities that could allow maliciously crafted Java applets to gain elevated privileges leading to arbitrary code execution.

The updates come less than a month after former Apple engineer Landon Fuller released a proof-of-concept exploit demonstrating the vulnerabilities in order to bring attention to the issue. While the vulnerabilities Fuller highlighted were discovered last August and patched by Sun last December, Apple had yet to address the issues in its own implementation of Java until today's releases.

- Java for Mac OS X 10.5 Update 4 (158 MB)

Java for Mac OS X 10.5 Update 4 delivers improved reliability, security, and compatibility for Java SE 6, J2SE 5.0 and J2SE 1.4.2 on Mac OS X 10.5.7 and later.

This release updates Java SE 6 to version 1.6.0_13, J2SE 5.0 to version 1.5.0_19, and J2SE 1.4.2 to 1.4.2_21.

Please quit all web browsers before installing this update.

- Java for Mac OS X 10.4, Release 9 (80.11 MB)

Java for Mac OS X 10.4, Release 9 delivers improved reliability, security and compatibility for J2SE 5.0 and J2SE 1.4.2 on Mac OS X 10.4.11 and later.

This release updates J2SE 5.0 to version 1.5.0_19 and J2SE 1.4.2 to version 1.4.2_21.

Please quit all web browsers before installing this update.

Further information is available in Apple's security documents (Leopard, Tiger) associated with the updates.