Apple has released security updates for Mac OS X and Mac OS X Server 10.4.11 and 10.5.7 - more than six months after Sun Microsystems warned the world of flaws in its Java virtual machine that make it easy for attackers to execute malware on users' Macs, PCs, and Linux boxes.

Better late than never.

So if you're reading this on a Mac, stop right now, fire up Software Update and install the patch - 10.4 Release 9 or 10.5 Update 4. We'll wait.

Back? Okay. You've just applied a patch that, according to Apple, fixes multiple vulnerabilities in Java, "the most serious of which may allow an untrusted Java applet to obtain elevated privileges."

Without the patch - in other words, for the past six months - if you visited a malicious web page, it could install a Java applet that could lead to arbitrary code execution with your level of privileges.

If you followed our suggestion last month to take Security researcher Landon Fuller's advice to disable Java applets in your browser and uncheck the "Open 'safe' files after downloading" setting in Safari's General preferences, you're now free to reverse those changes. ®

Related stories

• Comment Apple security lags (again) with critical Java patches (4 September 2009)
• Apple fixes critical Mac holes triggered by image files (6 August 2009)
• Mac OS X gets rootkit coding manual (20 July 2009)
• Updated iPhone crashing bug could lead to serious exploit (2 July 2009)
• Speculation mounts over AVG plans for OS X client (2 July 2009)
• Nokia pulls memory-gobbling Java overhaul (1 July 2009)
• January's Windows 7 hole still open (18 June 2009)
• Apple security is 'struggling,' researcher says (9 June 2009)
• JavaOne Sun rallies mobile faithful to simplified Java tests (3 June 2009)
• Six months on, Macs still plagued by critical Java vuln (19 May 2009)