updated 04:50 pm EDT, Tue April 18, 2006
J2SE 5.0r4 update
Apple today released Java 2 Standard Edition (J2SE) 5.0 Release 4. In addition to fixes for a few security issues, Apple says the update delivers improved reliability and compatibility for Java 2 Platform Standard Edition 5.0 on Mac OS X v10.4.5 and later. This release includes J2SE version 1.5.0_06. "With this update J2SE 5.0 becomes the preferred Java version, superseding Java 1.4.2. Java 1.4.2 is still installed on your machine, but applications will run with J2SE 5.0 unless they specifically request Java 1.4.2," according to Apple. [updated]
Apple said that the update fixes two important security issues in Mac OS X v10.4.5 (Client or Server) where an untrusted Java applications may obtain elevated
privileges through the Java Webstart program or through the use of
"reflection" APIs in the Java Runtime Environment. Additionally, a minor security-related fix for Java InputMethods is included.
"Due to an issue handling input method events, it is possible that key events intended for a secure field such as a password field may be sent to a normal text field in the same window," according to Apple's documentation. "This could result in accidental password disclosure to others physically present when the password is entered. This update addresses the problem by properly handling input method events."