Apple has released a couple of updates for the Java runtime environment for OS X, which address a number of vulnerabilities where Java applets could execute code outside of the Java sandbox.
Sandboxing is a method of keeping running instances of scripts and applications sequestered so they cannot influence other programs on the system. If a faulty program is able to run outside of the sandbox, it could destabilize other programs. It can also pose a security risk, because the program may be less restricted from accessing system resources that are not available inside the sandbox.
The updates are available for Java 1.5_28 in OS X 10.5 "Leopard" and Java 1.5_28 and 1.6_24 in OS X 10.6 "Snow Leopard." The updates should be available via Software Update, but can also be downloaded from the following locations:
Java for Mac OS X 10.6 Update 5 (requires OS X 10.6.4 or later)
Java for Mac OS X 10.5 Update 10 (requires OS X 10.5.8 or later)
While these updates are being provided by Apple, Apple's in-house development of Java support for OS X is being discontinued, with Oracle taking up the reins, so future releases and updates to Java may not be available through Software Update.