The update for Snow Leopard, Java for Mac OS X 10.6 Update 2, fixes 20 bugs, all of which could be exploited if a user is tricked into visiting a web page containing a maliciously crafted Java applet, Apple said. The vulnerabilities could lead to unexpected application termination or allow an attacker to execute arbitrary code with the privileges of the current user.
The update for Leopard, Mac OS X 10.5 Update 7, patches some 60 bugs, which could lead to the same problems, according to Mac security vendor Intego.
An advisory posted by the US-CERT encouraged users and administrators to apply the updates.
The updates are available at Apple's Support Downloads page.