Apple on Thursday released an update to Java for Mac OS X Leopard. The update, number five, supersedes all previous updates and brings with it improved reliability, security, and compatibility for the cross-platform technology.
In particular, the update patches many Java-related security vulnerabilities, including some which allow untrusted Java applets to obtain elevated privileges via a Web page and potentially execute arbitrary code. There’s also a patch for Java Web Start that prevents a buffer overflow from quitting an application or executing arbitrary code.
The security patches in question were released by Java-maker Sun Microsystems in early August, marking an improvement in turnaround time for Apple. In the past, the company has lagged at rolling out fixes for Java, such as this past June, when Apple finally issued an update for a bug that Sun had patched over six months prior. However, according to Computerworld, Thursday's update does not fold in Sun's most recent patch of August 11, which plugs further security holes.
Java version numbers on OS X are always a bit thorny, so here are the details. The 161.35MB update is only applicable to Mac OS X Leopard version 10.5.8 or later (not Snow Leopard). Java SE 6 is updated to version 1.6.0_15, J2SE 5.0 is updated to version 1.5.0_20, and J2SE 1.4.2 is updated to version 1.4.2_22. While J2SE 5.0 and J2SE 1.4.2 support all Intel and PowerPC-based Macs, Java SE 6 requires a 64-bit Intel-based Mac.