Critical Security Vulnerability in Java Is Patched

A few weeks ago, we posted an article about a critical security vulnerability in Java on Mac OS X. Morgan Aldridge wrote “It’s a couple of vulnerabilities that can be taken advantage of to run commands outside of the browser as the user that launched the browser.” Read the original post by clicking here.

The vulnerability was discovered in August 2008 and was patched by Sun and other developers several months ago. When Apple didn’t move on the issue, a former Apple engineer named Landon Fuller released a proof of concept exploit that could, in his words, allow “malicious code to escape the Java sandbox and run arbitrary commands” that would “result in untrusted Java applets executing arbitrary code merely by visiting a web page hosting the applet.” Read about this by clicking here.

It’s taken a month since Fuller publicized this issue, but Apple has finally released updated versions of Java for both OS X 10.5 Leopard and OS X 10.4 Tiger.

To install this update, either run Software Update (under the Apple icon in the upper left corner of your Mac’s screen), or download the patch directly from Apple:

Click here to download Java for Mac OS X 10.5.

Click here to download Java for Mac OS X 10.4.

Click the following links to read Apple’s related security documents for OS X 10.5 Leopard and OS X 10.4 Tiger.

FYI, for long-term Safari web browsing security, we suggest that Safari users leave the ‘Open “safe” files after download’ option in Safari preferences permanently disabled. Other vulnerabilities could remain in Safari’s handling of “safe” files if someone figures out how to trick Safari’s understanding of which files are “safe”. While that scenario is rather far-fetched, it’s better to be safe than sorry.
