Apple plugs Java security holes with updates for OS X 10.5 and 10.6

Check Software Update! Apple has released a couple of Java updates for OS X 10.5 and OS X 10.6. These updates will install Java version 1.6.0_20 on Mac OS X Leopard and Snow Leopard, and will install Java version 1.5.0_24 on OS X 10.5.  The updates will also fix a couple of security holes that allow arbitrary code to be executed by Java applets.

Apple addresses a couple of serious security holes where untrusted Java applets can be executed when visiting a Web page containing maliciously crafted code. The security hole will allow applets to execute commands at the privilege level of the current user, which can be concerning for people running in administrative accounts.

Additionally, a similar exploit of the same security hole could allow a Java applet to cause unexpected application termination.

The updates are available via Software Update, but they also are available for direct download:

Java for Mac OS X 10.6 Update 2 (78MB)

Java for Mac OS X 10.5 Update 7 (122MB)

The updates require OS X 10.5.8 or OS X 10.6.3 or higher to install. If you are using a prior version of the operating system, you will need to update your OS before you can apply this update. Additionally, this update will require you to relaunch your Web browsers to take effect.

As with any update, be sure to back up your system before installing it. Use a cloning utility or Time Machine and manually invoke the backup so you can restore your system and files in the event of a problem. These updates installed just fine on our systems, and so far have not shown any problems for other users; however, we will follow any if and when they develop.

Questions? Comments? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.