Apple has released an update to Java for Mac OS X Leopard.
The patches many Java-related security vulnerabilities, including some which allow untrusted Java applets to obtain elevated privileges via a Web page and potentially execute arbitrary code. There's also a patch for Java Web Start that prevents a buffer overflow from quitting an application or executing arbitrary code.
These fixes were pushed out by Java-maker Sun Microsystems in early August, with Apple improving its turnaround time by releasing them a month later.
In the past, the company has been slow at rolling out fixes for Java. In June, for example. Apple finally issued an update for a bug that Sun had patched over six months prior.
Yesterday’s update do not include Sun's most recent patch of 11 August, which plugs further security holes.
The update, number five, supersedes all previous updates and brings with it improved reliability and compatibility for the cross-platform technology, as well as improved security.