Thursday, April 20, 2006

Apple OS X Java VM Security Update

Apple has released Java 2 Standard Edition (J2SE) Release 4 for Mac OS X v10.4.5. In addition to performance and compatibility improvements, this update resolves several vulnerabilities in the Java virtual machine.

One of the advantages of Java applets is that they are multi-platform: their precompiled code is executed by the virtual machine, independently of the hardware or operating system used.

What's more, to prevent damaging or unsolicited actions, the Java virtual machine establishes a closed environment, known as a 'sandbox', that blocks indirect and indiscriminate access to system resources, such as arbitrary writing to files.

The vulnerability corrected by this update could allow an untrusted Java applet to elevate its privileges and carry out actions that it should not be able to perform, such as reading and writing files or executing local applications.

Sun Microsystems has published an alert notification about these vulnerabilities, which is available at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1

The new version, J2SE 5.0 Release 4, which corrects the problems in Mac OS X v10.4.5, has been published by Apple and can be downloaded from http://www.apple.com/support/downloads/