For HomeFor BusinessFor Partners
Industry News
2 min read

Apple Issues Fix for Zero-Day Vulnerability in OS X

Loredana BOTEZATU

September 07, 2012

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Apple Issues Fix for Zero-Day Vulnerability in OS X

The Java vulnerability discovered in August has prompted Apple to issue their own patch for Mac OS X customers. According to this security announcement, the free update for Java for OS X 2012-005 and Java for Mac OS X 10.6 in all Mac OS versions from Snow Leopard to date is available immediately.

The company decided to release its own patch for the Java 0-day vulnerability discovered in August. The fix is therefor available for Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion 10.8 or later.

Particularly important is that these Java updates are designed to configure Mac users` web browsers so they won`t automatically run Java applets, but rather inform users which page requires Java and mark the placeholder as “Inactive plug-in” on a web page. If the user trusts the content, they have to click it to activate it.

Apple`s take on restricting the execution of Java content by default, along with the note that “developers should not rely on the Apple-supplied Java runtime being present in future versions of OS X” is another warning sign that the Cupertino-based vendor has had enough from third-party plug-ins. In April, OS X customers were hit by the Flashback Trojan, a piece of malware that also exploited a mega-flaw in Java and that is still affecting users who haven`t updated their vulnerable build.

Apple informs its users that “updating to Java version 1.6.0_35″ is “an opportunity for security-in-depth hardening” and for details redirects them also to Oracle`s official webpage hosting a recently released emergency security patch for the controversial CVE-2012-4681 vulnerability and two others in Java 7 running in web browsers on desktops.

Standalone Java desktop applications and Java running on servers were not vulnerable.

Apple officials note that Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10 “may be obtained from the Software Update pane in System Preferences, or Apple’s Software Downloads web site: http://www.apple.com/support/downloads/” while further “information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222″.

tags

Industry News

Author

Loredana BOTEZATU

Loredana BOTEZATU

A blend of product manager and journalist with a pinch of e-threat analysis, Loredana writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair.

View all posts

Right now Top posts

Netizens Fear Scammers Will Steal Their Savings but Do Little to Defend Themselves, Bitdefender Survey Shows
Industry News Scam

Netizens Fear Scammers Will Steal Their Savings but Do Little to Defend Themselves, Bitdefender Survey Shows

July 01, 2024

7 min read
Uncovering IoT Vulnerabilities: Highlights from the Bitdefender - Netgear 2024 Threat Report
Smart Home

Uncovering IoT Vulnerabilities: Highlights from the Bitdefender - Netgear 2024 Threat Report

June 26, 2024

2 min read
UEFA EURO 2024 Scams Are Already Here – How to Stay Safe
Scam Tips and Tricks

UEFA EURO 2024 Scams Are Already Here – How to Stay Safe

June 25, 2024

5 min read
Most People Still Write Important Passwords Down, Bitdefender Report Finds
Digital Privacy Threats

Most People Still Write Important Passwords Down, Bitdefender Report Finds

June 07, 2024

2 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

Regulatory Setback for Meta as EU Challenges Ad-Free Subscription Tactics
Industry News Digital Privacy

Regulatory Setback for Meta as EU Challenges Ad-Free Subscription Tactics
Vlad CONSTANTINESCU

July 04, 2024

1 min read
Want to Make a Quick $250k? Find a KVM Vulnerability for Google
Industry News

Want to Make a Quick $250k? Find a KVM Vulnerability for Google
Silviu STAHIE

July 03, 2024

1 min read
New Side-Channel Attack Targets Intel 13th and 14th Gen
Industry News

New Side-Channel Attack Targets Intel 13th and 14th Gen
Silviu STAHIE

July 03, 2024

1 min read

Bookmarks

loader