Apple updated Java for both Leopard (Mac OS X 10.5.8) and Snow Leopard (Mac OS X 10.6.6) on Tuesday, including the server versions of both OSes. Java for Mac OS X 10.6 Update 4 and Java for Mac OS X 10.5 Update 9 are both security updates for the technology.
Accordingly, the patch notes are somewhat…dry. To wit:
Java for Mac OS X 10.6 Update 4
Java
Available for: Mac OS X v10.6.6, Mac OS X Server v10.6.6
Impact: Multiple vulnerabilities in Java 1.6.0_22
Description: Multiple vulnerabilities exist in Java 1.6.0_22, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_24. Further information is available via the Java website at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html
CVE-ID
CVE-2010-4422
CVE-2010-4447
CVE-2010-4448
CVE-2010-4450
CVE-2010-4454
CVE-2010-4462
CVE-2010-4463
CVE-2010-4465
CVE-2010-4467
CVE-2010-4468
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4473
CVE-2010-4476
For Java for Mac OS X 10.5 Update 9:
Java
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Multiple vulnerabilities in Java 1.6.0_22
Description: Multiple vulnerabilities exist in Java 1.6.0_22, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_24. Further information is available via the Java website at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html.
CVE-ID
CVE-2010-4422
CVE-2010-4447
CVE-2010-4448
CVE-2010-4450
CVE-2010-4454
CVE-2010-4462
CVE-2010-4463
CVE-2010-4465
CVE-2010-4467
CVE-2010-4468
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4473
CVE-2010-4476Java
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Multiple vulnerabilities in Java 1.5.0_26
Description: Multiple vulnerabilities exist in Java 1.5.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.5.0_28. Further information is available via the Java website at http://www.oracle.com/technetwork/java/javase/documentation/overview-137139.html.CVE-ID
CVE-2010-4447
CVE-2010-4448
CVE-2010-4450
CVE-2010-4454
CVE-2010-4462
CVE-2010-4465
CVE-2010-4468
CVE-2010-4469
CVE-2010-4471
CVE-2010-4473
CVE-2010-4476
You can download the update for your Mac through Software Updare. For Snow Leopard, it’s a 78.2MB download.