Apple released an update of Java that addresses several CVE in Mac OSX 10.5.x and 10.6.x. The most critical of the vulnerabilities includes addressing elevated privileges and handling of expired certificates. An untrusted maliciously crafted applet on a web page could run with the user privileges leading to possible escalation of privileges and code execution.
An expired certificate was treated as valid, the issuess is addressed by improving the way in which expired certificates are handled.
The update does require a system restart for server and client.