Apple on Monday shipped fixes for multiple vulnerabilities in Java for Mac OS X 10.4 and 10.5. Included was a patch for a gaping hole for which security researcher Landon Fuller recently published a proof-of-concept. Fuller was trying to push Apple to release the updates after Sun, the maker of Java, already plugged the holes months ago. The most serious of the vulnerabilities patched Monday could enable an attacker to infect users who simply visit a website hosting a malicious Java applet. — DK