X

Apple issues Java security update

Flaws could allow malicious attackers to gain access to Mac OS users' systems.

Dawn Kawamoto Former Staff writer, CNET News
Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.
Dawn Kawamoto
Apple Computer has released a Java update for Mac OS X to deal with flaws, one of which could enable malicious attackers to gain access to a system.

The Java 2 Standard Edition 5.0 Release 4 update, issued Monday, fixes a vulnerability in Java Web Start. The hole could allow a specially crafted application to bypass security restrictions and access resources on a system, potentially giving entry to an intruder. Java Web Start is a technology that loads Java applications over a network such as the Internet.

The update also patches a set of bugs in the "reflection" application programming interface, or API, parts of the Java Runtime Environment. These flaws could also allow an attacker to bypass security barriers to take control of a system.

The French Security Incident Response Team, or FrSIRT, rated the issues "critical" in an alert posted Tuesday.

The issues affect Mac OS X version 10.4.5 and the corresponding server edition of the operating system, which have Java 2 built into them. Apple advises people with this software to download and install the J2SE update.

The Java problems also have an impact on Microsoft Windows, Sun Microsystems' Solaris and Linux. In February, Sun issued an alert for the Web Start flaw and the Java Runtime Environment issues in these operating systems.

Santa Clara, Calif.-based Sun said at the time that it did not believe that the Web Start vulnerability had been exploited.