Apple Issues Fix for Zero-Day Vulnerability in OS X

Loredana BOTEZATU

September 07, 2012


The Java vulnerability discovered in August has prompted Apple to issue its own patch for Mac OS X customers. According to this security announcement, the free updates, Java for OS X 2012-005 and Java for Mac OS X 10.6, are available immediately for all Mac OS versions from Snow Leopard to date.

The company decided to release its own patch for the Java 0-day vulnerability discovered in August. The fix is therefore available for Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, and OS X Mountain Lion 10.8 or later.

Particularly important is that these Java updates configure Mac users' web browsers so they won't automatically run Java applets. Instead, the browser informs users that a page requires Java and marks the placeholder on the web page as “Inactive plug-in”. If the user trusts the content, they have to click the placeholder to activate it.

Apple's take on restricting the execution of Java content by default, along with the note that “developers should not rely on the Apple-supplied Java runtime being present in future versions of OS X”, is another warning sign that the Cupertino-based vendor has had enough of third-party plug-ins. In April, OS X customers were hit by the Flashback Trojan, a piece of malware that also exploited a mega-flaw in Java and that is still affecting users who haven't updated their vulnerable build.

Apple informs its users that “updating to Java version 1.6.0_35” is “an opportunity for security-in-depth hardening” and, for details, also points them to Oracle's official webpage hosting a recently released emergency security patch for the controversial CVE-2012-4681 vulnerability and two others in Java 7 running in web browsers on desktops.

Standalone Java desktop applications and Java running on servers were not vulnerable.

Apple officials note that Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10 “may be obtained from the Software Update pane in System Preferences, or Apple’s Software Downloads web site: http://www.apple.com/support/downloads/” while further “information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222”.
