Apple has released a critical Java update to mitigate multiple vulnerabilities that "may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or disclose sensitive information," according to US-CERT.
The update applies to the following products:
- OS X v10.6.8
- OS X Server v10.6.8
- OS X Lion v10.7.3
- Lion Server v10.7.3
According to the Apple support web page, "Multiple vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox."
"Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_31," the post explains.
More information can be obtained at the Oracle Java website:
Source: http://www.us-cert.gov/current/#apple_update_for_java_for