Apple Fixes Fifteen Vulnerabilities in Java
On September 3, 2009, Apple issued a new version of Java for Mac to fix 15 security flaws that could let an attacker remotely execute code through manipulated web pages.
Apple states in its security advisory that the new version patches 15 unique flaws in Java and updates Java 4 to version 1.4.2_22, Java 5 to 1.5.0_20 and Java 6 to 1.6.0_15. Sun released the upgraded versions on August 4, 2009.
All of the security flaws could let attackers plant and execute arbitrary code on an affected PC, said Apple. Although some leading software developers such as Oracle and Microsoft give their vulnerability patches specific threat ratings, Apple does not. For instance, Microsoft rates the same type of bugs in Java as "critical."
Explaining how a successful attack would work, Apple said that getting a user to visit a website with a maliciously designed Java applet could let an attacker execute arbitrary code with the same privileges as the user.
The new Java security update applies only to the server and client software of Mac OS X 10.5, currently at version 10.5.8. Users running Mac OS X 10.4, aka Tiger, can only use earlier editions of Java. Reportedly, Apple last updated Tiger's Java on June 15, 2009, when it upgraded Java 4 to 1.4.2_21 and Java 5 to 1.5.0_19.
Notably, Snow Leopard, which was strongly criticized during the first week of September 2009 because it shipped with a flawed Flash, is not compatible with the most recent update. According to security specialists, the recent update isn't equipped with the newest Java patches.
Moreover, the Java edition designed for Mac OS X 10.5 Update 5 contains fixes that plug security holes Sun Microsystems addressed in August 2009.
The security specialists said the problem is that Apple still lags considerably behind its peers in patching critical security flaws affecting certain software that most of the world's PCs run.
However, the specialists have advised computer users to update their programs accordingly.
SPAMfighter News - 16-09-2009