The Mac Observer

Apple Patches Security Flaws with Java Updates

June 15th, 2009 at 5:21 PM - News by Jeff Gamet

Apple rolled out Java security updates for Mac OS X 10.4 and 10.5 late Monday afternoon. Java for Mac OS X 10.4 Update 9 and Java for Mac OS X 10.5 Update 4 patch a series of flaws that could let a remote attacker gain elevated privileges or execute arbitrary code on the victim's computer.

The security updates address issues in Mac OS X 10.4.11 and 10.5.7 where attackers could use untrusted Java applets to gain elevated privileges on a victim's computer, or where visiting a Web site containing a maliciously crafted Java applet could let an attacker run arbitrary code with the victim's current privileges.

The updates are free and available via the Software Update application, or as downloadable installers for Mac OS X 10.4.11 and 10.5.7 at the Apple Support Web site.

6 Observer Comments

Don Sakers said on June 15th, 2009 at 5:39 PM:

The last Security Update killed my venerable iMac G$ so thoroughly that even reinstalling OSX hasn’t brought it back to full functionality.

And now Apple wants us to install another Security Update? Anyone who does so is taking a terrible chance. Me, I’ll never install another Apple Security Update until I know that no one else’s machine has been hosed by it.

Not a bad precaution, especially with an older system.

FWIW I’ve installed it on two systems so far, a silver and a white MacBook, running 10.5.7 and it was fine. Like you, I’m waiting to do my G5.

The last Security Update killed my venerable iMac G$ so thoroughly that even reinstalling OSX hasn’t brought it back to full functionality.

Ummm, yeah. So wiping the previous install (including the security update) and reinstalling the OS doesn’t bring it back? And how does that work, exactly?

I put absolutely no faith in anecdotal “evidence” from unregistered guests. Especially when it makes no sense whatsoever.

I’ve installed all of these updates without a hitch on G5 systems running 10.5.7. Either the first poster is flat out lying, or there is something seriously wrong with that machine.

While in general it may be a good idea to wait a few days in order to check if someone else may have had some problems with the update, this particular patch is extremely critical. Safari was wide open to serious drive-by java attacks and, in addition to the proof-of-concept site that demonstrated how simple the attack was (absolutely no action by user required to get root privileges after visiting the malicious URL), malicious sites were being reported out there. The worst part is, you just don’t even know you’ve been had by the attacker!

As for these installation problems, if you have a mission-critical machine and are anxious about updating, just do a full back-up (carbon copy cloner or similar) and update. If it’s hosed, reformat, restore and all is well.

Safari was wide open to serious drive-by java attacks

Only if you haven’t turned off Java in your preferences, which, seriously, everyone should have done if they were continuing to use Safari after the exploit was announced. Probably still a good idea to only turn it on if you have a specific need and then only when necessary.
