This document describes the security content of J2SE 5.0 Release 3, which can be downloaded and installed using Software Update, or from Apple Downloads.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred, and any necessary patches or releases are available. To learn more about Apple Product Security, visit the Apple Product Security website.
For information about the Apple Product Security PGP Key, see "How to Use the Apple Product Security PGP Key."
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see "Apple Security Updates."
Available for: Mac OS X v10.4.2 or later with Java 1.3.1 and 1.4.2Release 2
On November 28, 2005 (2005-11-28), Sun released Security Alerts #102003, #102050 and #102017. These alerts describe vulnerabilities that are already fixed in Mac OS X v10.4 with Java 1.3.1 & 1.4.2 Release 2 and J2SE 5.0 Release 3.
Java 1.3.1 and 1.4.2 Release 2 have been available since September 13, 2005 (2005-09-13).
J2SE 5.0 Release 3 has been available since November 15, 2005 (2005-11-15).
These may be obtained using Software Update preferences, or Apple's Software Downloads website:
http://www.apple.com/support/downloads/java2se50release3.html
http://www.apple.com/support/downloads/java131and142release2.html
For Java 1.3.1 & Java 1.4.2:
The download file is named: "Java131and142Release2.dmg"
Its SHA-1 digest is: 9e9f752ff56da7ab13f3b11f40b528c901145019
For J2SE 5.0 Release 3:
The download file is named: "J2SE50Release3.dmg"
Its SHA-1 digest is: c5fe977bd9a2d145e9d122ed80768488c89dcc98
For systems running Mac OS X v10.3.9, the Sun alerts are fixed with Java Security Update, which was released on September 13, 2005. It is available either from the Software Update pane in SystemPreferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/javasecurityupdate.html
The download file is named: "JavaSecurityUpdate4.dmg"
Its SHA-1 digest is: b6babb98a98c20bdc7d2ca9b14c56b93ff3813a7
If you want to determine that your system has the latest Java versions installed, open Terminal (from Applications/Utilities) and type one of these commands:
For Mac OS X v10.4.2 or later, type the following on one line, then press Return:
/System/Library/Frameworks/JavaVM.framework/Versions/1.5.0/Commands/java -version
You should see: java version "1.5.0_05"
For Mac OS X v10.3.9 or later, type the following on one line, then press Return:
/System/Library/Frameworks/JavaVM.framework/Versions/1.3.1/Commands/java -version
You should see: java version "1.3.1_16"
/System/Library/Frameworks/JavaVM.framework/Versions/1.4.2/Commands/java -version
You should see: java version "1.4.2_09"