Apple released Java for Mac OS X 10.5 Update 10 and Java for Mac OS X 10.6 Update 5 Tuesday, both of which update Java SE 6 to 1.6.0_26, while the Leopard patch also addresses issues in Java 1.5.x. In both cases, however, “multiple vulnerabilities” in Java are addressed in the updates, several of which could allow the bad guys to gain control of your Mac.
The release notes for the updates specify only the update to Java SE 6. The security notes, however, detail the fixes included in the update(s).
First, the Leopard security notes:
Java for Mac OS X 10.5 Update 10
- Java
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Multiple vulnerabilities in Java 1.6.0_24
Description: Multiple vulnerabilities exist in Java 1.6.0_24, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_26. Further information is available via the Java website at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html
CVE-ID
CVE-2011-0802
CVE-2011-0814
CVE-2011-0862
CVE-2011-0863
CVE-2011-0864
CVE-2011-0865
CVE-2011-0867
CVE-2011-0868
CVE-2011-0869
CVE-2011-0871
CVE-2011-0873
- Java
- Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Multiple vulnerabilities in Java 1.5.0_28
Description: Multiple vulnerabilities exist in Java 1.5.0_28, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.5.0_30. Further information is available via the Java website at http://www.oracle.com/technetwork/java/javase/documentation/overview-137139.html
CVE-ID
CVE-2011-0802
CVE-2011-0814
CVE-2011-0862
CVE-2011-0864
CVE-2011-0865
CVE-2011-0867
CVE-2011-0871
CVE-2011-0873
Lastly, the Snow Leopard security notes:
Java for Mac OS X 10.6 Update 5
- Java
- Available for: Mac OS X v10.6.6 and later, Mac OS X Server v10.6.6 and later
Impact: Multiple vulnerabilities in Java 1.6.0_24
Description: Multiple vulnerabilities exist in Java 1.6.0_24, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_26. Further information is available via the Java website at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html
CVE-ID
CVE-2011-0802
CVE-2011-0814
CVE-2011-0862
CVE-2011-0863
CVE-2011-0864
CVE-2011-0865
CVE-2011-0867
CVE-2011-0868
CVE-2011-0869
CVE-2011-0871
CVE-2011-0873
You can download the updates through Software Update. The Snow Leopard update is a 78.9MB download.