Earlier today we discussed software updates, and I inadvertently omitted a big one – Apple last week released a major update to its Java package for OS X 10.5 Leopard. The update, described here and available for download, addresses a rather large number of Java vulnerabilities, some of which potentially allowed unauthorized privilege elevation by executing code from a malicious website.
Note that this update does NOT apply to Snow Leopard, OS X 10.5.6.
This release updates Java SE 6 to version 1.6.0_15 (for 64-bit Intel Macs only), J2SE 5.0 to version 1.5.0_20 (all Intel and PPC Macs), and J2SE 1.4.2 to 1.4.2_22 (all Intel and PPC Macs). The updates catch up with Java fixes released by Sun in August, but apparently there are still a few pending vulnerabilities that have yet to be incorporated into the Leopard packages.
Make sure you update as soon as possible, as there are active exploits in the wild for some of these flaws!