Apple has recently discovered a security hole in MRJ 1.5 and earlier which
makes it possible for applets to directly call routines in the Mac OS,
contrary to operational guidelines for such software. (MRJ is Apple’s
implementation of the Java virtual machine.) All customers using MRJ are
advised to upgrade immediately to MRJ 1.5.1, to avoid this problem.
MRJ 1.5.1 is available now on Apple’s web site at
http://applejava.apple.com/text/download.html. If you already have MRJ 1.5
installed, you can download a patching utility to quickly update it to
1.5.1. If you have an earlier version installed, you can download a
complete MRJ 1.5.1 installer.