Apple issues Java update for 10.5, 10.6
If you thought you just heard a disturbance in the Force—as if millions of voices cried out in terror and were suddenly silenced—then take a deep breath and relax: it’s just a pair of Java software updates for Mac OS X.
Apple released the two updates, Java for Mac OS X 10.6 Update 1 and Java for Mac OS X 10.5 Update 6, on Thursday. Both include a number of security fixes for the cross-platform technology, with the Leopard update being the heftier of the two, weighing in at 122MB.
The Leopard update, which requires Mac OS X 10.5.8 brings J2SE 5.0 to 1.5.0_22 and Java SE 6 to 1.6.0_17; J2SE 1.4.2 is disabled by default in this update, as it’s no longer being updated. The 78MB Snow Leopard update brings Java SE 6 to 1.6.0_17 as well, and requires Mac OS X 10.6.2.
If you’re curious about precisely what terrifying security vulnerabilities we’re being protected from this time, you can run down the full list for the Snow Leopard or Leopard flavors of the update. Both fix a number of vulnerabilities in Java 1.6.0_15, including one that could allow an untrusted Java applet to obtain elevated privileges, with which it could potentially do nasty things. The Leopard update also mortars a number of chinks in Java 1.5.0_20 along the same lines as above.
The two updates also share a fix for a loophole in which an expired certificate for an applet could be regarded as valid.
The updates are available now via Apple’s Support downloads page or in Software Update; something tells me you’ve probably got just enough time to grab a cup of coffee while they install.