Mac users urged to patch Java security holes

If you have Macs in your company it may be time to roll out a new bunch of patches - this time related to your Java installation. The new set of patches, issued by Apple, protects against 15 documented security vulnerabilities in your Java installation that could be exploited by hackers to run unauthorised code on your Mac computers.

According to a security advisory issued by Apple, Java for Mac OS X 10.5 Update 5 fixes multiple vulnerabilities that could allow cybercriminals to run code (such as a Trojan horse) on a visiting computer by embedding a malicious untrusted Java applet on a webpage.

The patches are available from the downloads area of Apple's website or via automatic updates.

By the way, none of the vulnerabilities affect users who have upgraded to Apple's latest version of Mac OS X, known as Snow Leopard.

For reasons which are as much of a mystery to me as the success of Ben Affleck, Java on the Mac comes from Apple, whereas Java on Windows, Linux and Solaris comes from Sun. That's not a problem, of course, if all the different flavours of Java are updated in unison.

Unfortunately, as ComputerWorld reports, Apple has been slow in the past to issue updates for Java, leaving it out of sync with the versions available for other operating systems (via Sun).

Even Snow Leopard doesn't escape criticism in this regard, as it installs Java 6 version 1.6.0_15 whereas the most up-to-date version (issued by Sun on August 11th) is Java 1.5.0_16. Poor old Tiger (Mac OS X 10.4) users are left even more in the lurch - they haven't received an update for their Java since June 15th.

[Correction: Thanks to @Codepope who has informed me that there was no security-related content in Java 1.6.0_16 compared to _15.]

As always, our advice is for users to take prompt action and roll out these patches at the earliest opportunity. Companies like Apple and Microsoft do not announce security vulnerabilities for the fun of it - they issue advisories and patches in order to better protect their users from internet and hacker attacks.

Don't be a dummy - get your computers patched as a matter of priority. If you're still confused as to which version of Java you are running on your computer, visit this great website by Michael Horowitz: www.javatester.org.

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations.