Java flaws haunt Mac OS X
Attackers could exploit several Java-based flaws in Mac OS X to bypass certain security programs, launch cross-site scripting assaults or cause a denial of service, Apple says.
Danish vulnerability clearinghouse Secunia said in its SA28115 advisory
that an error in Java is caused by improper access checks, and that attackers could exploit it to add or remove items from a user's keychain without prompting the user via a specially crafted Java applet. Other vulnerabilities in Java 1.4 and J2SE 5.0 can be exploited to bypass certain security restrictions, conduct cross-site scripting attacks, cause a denial of service or compromise a user's machine.
Apple recommended in its advisory that users upgrade to Java Release 6 for Mac OS X 10.4.