Mac OS X Java Multiple Vulnerabilities

Description:
Some vulnerabilities have been reported and acknowledged in Java for Mac OS X, which can be exploited by malicious people to cause a DoS (Denial of Service), to bypass certain security restrictions, disclose system information or potentially sensitive information, or to compromise a vulnerable system.

1) An error leading to the use of an uninitialized variable exists in the hash-based Message Authentication Code (HMAC) provider. This can potentially be exploited to execute arbitrary code when a user visits a web page containing a specially crafted java applet.

2) An error in the Java plug-in within the handling of "file://" URLs can be exploited to launch local files when a user visits a web page containing a specially crafted java applet.

Mac OS X 10.4 is reportedly not affected.

3) Some vulnerabilities in Java 1.4.2_16 and Java 1.5.0_13 can be exploited by malicious people to cause a DoS (Denial of Service), to bypass certain security restrictions, disclose system information or potentially sensitive information, or to compromise a vulnerable system

Solution:
-- Java for Mac OS X 10.4 --
Update to Release 7:
http://www.apple.com/support/downloads/javaformacosx104release7.html

-- Java for Mac OS X 10.5 --
Apply Update 2:
http://www.apple.com/support/downloads/javaformacosx105update2.html

http://secunia.com/advisories/32018/