Apple Updates Java, Still No Sign Of Java 6

Apple updated Java on OS X today (they updated QuickTime and GarageBand as well). Unfortunately, we're not getting Java 6 yet, just performance and bug fixes.

From Software Update:

Java for Mac OS X 10.4, Release 6 delivers improved reliability and compatibility for Java 2 Platform Standard Edition 5.0 and Java 1.4 on Mac OS X 10.4.10 and later. This release updates J2SE 5.0 to version 1.5.0_13 and Java 1.4 to version 1.4.2_16.

For more details on this Update, please visit this website: http://docs.info.apple.com/article.html?artnum=307051

As of the time this was posted, the details link did not work, but the update installs without a hitch.

UPDATE: A different link, http://docs.info.apple.com/article.html?artnum=307177, now provides information on the security content, and it's significant! Test & update as soon as possible (though Leopard is fairly patched already w/r/t these vulns)!

  • CVE-ID: CVE-2007-5862

    Available for: Mac OS X v10.4.10 and later, Mac OS X Server v10.4.10 and later

    Impact: A malicious webpage can remove or insert items in the keychain

    Description: An access check may be bypassed for Keychain updates. A specially crafted Java applet may be able to add or remove items from a user's Keychain, without prompting the user. This update addresses the issue through an improved access check. This issue does not affect systems running Mac OS X v10.5 and later. Credit to Bruno Harbulot of the University of Manchester for reporting this issue.

  • CVE-ID: CVE-2006-4339, CVE-2006-6731, CVE-2006-6736, CVE-2006-6745, CVE-2007-0243, CVE-2007-2435, CVE-2007-3004, CVE-2007-3005, CVE-2007-3504, CVE-2007-3698, CVE-2007-3922, CVE-2007-4381, CVE-2007-5232

    Available for: Mac OS X v10.4.10 and later, Mac OS X Server v10.4.10 and later

    Impact: Multiple vulnerabilities exist in Java 1.4

    Description: Multiple vulnerabilities exist in Java 1.4, the most serious of which may lead to arbitrary code execution and privilege escalation. These are addressed by updating Java 1.4 to version 1.4.2_16. These issues are already addressed in systems running Mac OS X v10.5 and later.

  • CVE-ID: CVE-2006-4339, CVE-2006-6731, CVE-2006-6745, CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789, CVE-2007-3004, CVE-2007-3005, CVE-2007-3503, CVE-2007-3504, CVE-2007-3655, CVE-2007-3698, CVE-2007-3922, CVE-2007-4381, CVE-2007-5232

    Available for: Mac OS X v10.4.10 and later, Mac OS X Server v10.4.10 and later

    Impact: Multiple vulnerabilities exist in J2SE 5.0

    Description: Multiple vulnerabilities exist in J2SE 5.0, the most serious of which may lead to arbitrary code execution and privilege escalation. These are addressed by updating J2SE 5.0 to version 1.5.0_13. These issues are already addressed in systems running Mac OS X v10.5 and later.
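To act on "test & update" across several machines, the sketch below parses a `java -version` banner line and compares it with the fixed builds quoted above (1.5.0_13 and 1.4.2_16). It is an added example, not part of Apple's advisory or the original post; the function names and sample banners are constructed for illustration, and it checks the version string only, not any individual CVE.

```shell
#!/bin/sh
# Added example: compare a Java version against the fixed builds named in the
# advisory above (J2SE 5.0 -> 1.5.0_13, Java 1.4 -> 1.4.2_16).

# First fixed update number for each family covered by this release.
min_update_for() {
    case "$1" in
        1.4.2) echo 16 ;;
        1.5.0) echo 13 ;;
        *)     return 1 ;;            # family not covered by this update
    esac
}

# Pull the quoted version out of a `java -version` banner line.
parse_banner() {
    printf '%s\n' "$1" | sed -n 's/^java version "\([^"]*\)".*/\1/p'
}

# Print "patched", "outdated" or "unknown" for a version such as 1.5.0_11.
classify_version() {
    ver=${1%%-*}                      # drop qualifiers such as -b05
    family=${ver%%_*}                 # 1.5.0_11 -> 1.5.0
    update=${ver#*_}                  # 1.5.0_11 -> 11
    [ "$update" != "$ver" ] || update=0   # no _NN suffix: base release
    case "$update" in
        ''|*[!0-9]*) echo unknown; return ;;
    esac
    update=${update#0}; update=${update:-0}   # 09 -> 9, plain decimal for [ ]
    min=$(min_update_for "$family") || { echo unknown; return; }
    if [ "$update" -ge "$min" ]; then echo patched; else echo outdated; fi
}

# Banner line in, "<version> <verdict>" out.
check_banner() {
    v=$(parse_banner "$1")
    [ -n "$v" ] || { echo "unparsed unknown"; return; }
    echo "$v $(classify_version "$v")"
}

# Constructed sample banners (not captured from real hosts).
while IFS= read -r line; do
    check_banner "$line"
done <<'EOF'
java version "1.5.0_13"
java version "1.5.0_07"
java version "1.4.2_16"
java version "1.4.2_09"
java version "1.6.0_03"
EOF
```

On a real host, pass the first line of `java -version 2>&1` to `check_banner`; the banner is written to stderr, hence the redirect.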