After the release last week of its new Snow Leopard operating system, Apple has issued a security update for the Java component in its Leopard OS, Mac OS X 10.5.
The update, released Thursday, addresses problems in the Apple version of Java that could let applets obtain elevated privileges, cause application termination or result in arbitrary code execution, according to Apple's advisory.
In one of the vulnerabilities, “A stack buffer overflow exists in Java Web Start command launcher. Launching a maliciously crafted Java Web Start application may lead to an unexpected application termination or arbitrary code execution,” the advisory said. “This update addresses the issue through improved bounds checking.”
The update doesn't affect Snow Leopard, Mac OS X 10.6, which already has the same level of Java updates installed, according to the advisory.
But Snow Leopard reportedly suffers from an unrelated security issue.
“It seems that Apple is shipping an outdated, even dangerous version of [the Adobe] Flash Player,” Peter James, an Intego spokesman, wrote in a post on the Intego Mac Security Blog.
The problem shows up for Snow Leopard users that had previously upgraded to the newest version of the Flash player.
“If you had upgraded to Flash version 10.0.32.18 prior to installing the new OS, you ended up with Flash version 10.0.23.1 afterward. Leaving you vulnerable,” wrote Adrien de Beaupré, a handler with the SANS Internet Storm Center. Users can update to the latest version of Flash at the Flash Player Download Center.