On Thursday, Apple’s Software Update mechanism sprang to life with a Java update for both Snow Leopard and Leopard users. So what’s new?
The updates bring with them the usual security fixes for Java’s venerable cross-platform technology. A full list of changes included in the update are available on Apple’s website for both Snow Leopard and Leopard, according to MacUser.
What the updates share in common are fixes for vulnerabilities in Java 1.6.0_15, as well as patching Java 1.5.0_20. One such vulnerability allows an untrusted Java applet to obtain elevated privileges, which could enable it to then do something unpleasant. Both updates fix a loophole in which an expired certificate for an applet could be regarded as valid.