Apple has finally released a patch for the Java security vulnerability which affects the company’s Mac OS X, including the most recent Mac OS X 10.5.7 update. The security issue in question could allow a person with malicious intent to perform “drive-by-downloads” (you visit a web page and unknowingly download malware onto your machine because a Java applet allows for arbitrary code execution with the current user’s privileges), but this is not the most troublesome part. It seems that Apple knew about it for months, and while other software developers issued a patch, Apple just now addressed the issue – queue the sigh of relief.

The update is available for Mac OS X 10.4 Tiger and Mac OS X 10.5 Leopard. You are very well advised to update the software and stay protected – keep in mind that a proof of concept for the Java security vulnerability affecting Apple’s Mac OS X has been released 3 weeks ago by security expert Landon Fuller. At the time he was, and for good reason, pretty miffed about the fact that Apple knew about the issue for 6 months but did nothing to address it (detailed article available here).

Here are the official descriptions provided by Apple for the Java patch:

Java for Mac OS X 10.4 Patch
"Java for Mac OS X 10.4, Release 9 delivers improved reliability, security and compatibility for J2SE 5.0 and J2SE 1.4.2 on Mac OS X 10.4.11 and later. This release updates J2SE 5.0 to version 1.5.0_19 and J2SE 1.4.2 to version 1.4.2_21."

If you would like to get Java for Mac OS X 10.4 Release 9, a download location is available here.

Java for Mac OS X 10.5 Patch
"Java for Mac OS X 10.5 Update 4 delivers improved reliability, security, and compatibility for Java SE 6, J2SE 5.0 and J2SE 1.4.2 on Mac OS X 10.5.7 and later. This release updates Java SE 6 to version 1.6.0_13, J2SE 5.0 to version 1.5.0_19, and J2SE 1.4.2 to 1.4.2_21."

If you would like to get Java for Mac OS X 10.5 Update 4, a download location is available here.