When we issued a security memo last month about a serious Java vulnerability that had been unpatched in Mac OS X, we kind of hoped that Apple would react more quickly. But it still took another four weeks after Landon Fuller released a proof-of-concept example of how the vulnerability could be exploited. Apple has finally released updates to Java, for both Mac OS X 10.4, Tiger, and Mac OS X 10.5, Leopard.
The Leopard update patches more than 150 individual bugs in Java, and the Tiger update patches more than 100. Most important, both patch the critical vulnerability that we warned about in our security memo, which could allow serious drive-by attacks, where users could get infected merely by visiting a malicious web page that contained a Java applet.