Friday, July 1, 2011

Apple fixes Java flaws in Leopard and Snow Leopard

Apple has released two updates for its Java runtime environment for OS X that patch vulnerabilities allowing an untrusted Java applet to execute arbitrary code outside the Java sandbox.

 

The updates are available for Java 1.6.0_28 and Java 1.5.0_28 for OS X 10.5 Leopard and Java 1.6.0_24 for OS X 10.6 Snow Leopard.

For both the Leopard and Snow Leopard updates, Apple explained that “multiple vulnerabilities exist” in Java 1.6.0_24 and Java 1.5.0_28, “the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.”