The flaws could be exploited by attackers to bypass security restrictions and escalate privileges to gain system access or launch DoS attacks, according to Secunia, which ranked the bugs “highly critical.”
According to an Apple advisory, users should upgrade to Java Release 6 for Mac OS X 10.4.
The vulnerabilities are found in Java 1.4 and J2SE (Java Runtime Environment) 5.0, which allows users to run Java applications. The remaining vulnerability relates to an access flaw in Keychain, Apple's password management system.
The Leopard operating system, released in late October, includes the fixes, many of which had already been patched by Sun Microsystems, the creator of Java.
Many Java developers have turned to the Mac platform. OS X is the only major consumer operating system to come packaged with a complete Java runtime and development environment, according to Apple.
See original article on scmagazineus.com
Apple fixes Java vulnerabilities
By Dan Kaplan on Dec 18, 2007 2:21PM