MacNN | Java for Snow Leopard, Lion and Mountain Lion updated over security
Mac News Network View: Standard | Headlines | Categorized | Slim
Mac News Network
Mac News iPod News Reviews Forums
 

Desktop Headlines
Java for Snow Leopard, Lion and Mountain Lion updated over security
Tuesday, October 15, 2013 @ 10:30pm

For the fifth time this year, Apple has had to issue an update to Java for all three supported versions of OS X: Snow Leopard (10.6), Lion (10.7) and Mountain Lion (10.8). As has become the norm, the update was issued due to the discovery of "multiple vulnerabilities" in Java 1.6.0_51. The cross-platform development technology has been updated to version 1.6.0_65, and is referred to in Software Update as "Java for Mac OS X 10.6 Update 17" for Snow Leopard and "Java for OS X 2013-005" for newer systems.



The flaws vary in risk, but the most serious of the problems "may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user," report Apple. The company has been forced to disable Java multiple times owing to serious security issues over the past two years, and stopped distributing Java with new Macs in 2010 over the same sort of issues. Users who are dependent on Java for things like web applications and games must stay ever-vigilant for new updates, either directly from Oracle (the current maintainer of Java following its purchase of Sun Microsystems) or through Apple's Software Update. Apple's software now automatically disables Java entirely if it hasn't been used in the past 30 days, and will warn users of risks or outright block the use of outdated versions of Java. The new update notes that it is uninstalling the (outdated) Apple-provided Java applet plug-in from all web browsers in favor of the new install. Java has risen to become by far the most popular source of vulnerabilities for malware on the Mac to exploit, though Apple's aggressive efforts to disable it unless the very latest version is installed and used has kept incidents of malware very low and still rare. The latest release notes for Java 1.6.0_65 reveal that it plugs some 38 separately-reported issues. The update is also available through Apple's Support Downloads web page.

Comments on this Article
Print Friendly Version
Email to a Friend
Add MacNN to Your RSS Feeds
Buy from the Apple Store


Related Stories:

Today's MacNN Stories:

  • Misfit announces Flash, a new wearable for fitness, sleep monitoring - 8:43 PM EST
  • Texas court finds CBS infringes upon Personal Audio LLC's patent - 7:35 PM EST
  • Apple publishes guide for Android data transfer to iOS devices - 7:05 PM EST
  • Official iPhone 6, 6 Plus cases being delivered for early orders - 4:33 PM EST
  • Forums: Incoming iPhone! - 4:15 PM EST
  • Apple deals: savings of up to $770 on 15.4-inch MBPs - 4:11 PM EST
  • Microsoft unveils universal mobile keyboard, Xbox One with PC cable - 4:10 PM EST
  • DealNN: new Mac Pro for $3,199 - 4:08 PM EST
  • iCloud.com re-institutes two-factor authentication - 3:53 PM EST
  • Netflix comes to Germany with day-one support on many devices - 3:07 PM EST
  • VirnetX's $368.2M verdict against Apple tossed on procedural grounds - 2:08 PM EST
  • Near-complete OS X 10.9.5 being seeded internally, sources say - 1:43 PM EST
  • Apple updates OS X Server 3.2 developer preview - 1:03 PM EST
  • Chinese police arrest Foxconn worker for stealing iPhone 6 shells - 12:32 PM EST
  • Apple wins patent on physics-based tablet GUI concept - 11:07 AM EST
  • DisplayPort spec boosted to 1.3, can drive 5K on single cable - 10:40 AM EST
  • Devs will not have access to NFC APIs this year, Apple says - 9:30 AM EST
  • Olympus reveals silver OM-D E-M1, incoming firmware update - 9:28 AM EST
  • Review: Autodesk Smoke 2015 - 8:13 AM EST
  • Opinion: Battery life should dictate Apple Watch release strategy - 7:29 AM EST
  • Free iTunes U2 album now up to 'record-breaking' 33 million in 'sales' - 1:37 AM EST

    Today's iPodNN Stories:
  • Briefly: Spotify on Amazon Fire TV, Chrome OS to cast Drive videos - 5:42 PM EST
  • CyberPower PC brings Gigabyte laptops to customization service - 5:11 PM EST
  • Briefly: Lumix DMC-GH4 firmware update, XBMC Hub renamed TV Addons - 2:45 PM EST
  • Briefly: Chromecast app support grows, Roku hits 10M milestone - 2:19 PM EST
  • Orange offers to acquire Spanish carrier Jazztel for 3.4B euro - 12:44 PM EST
  • No comments posted on this story yet. Please post yours.
    Your Comments
    In order to post comments, you must be a registered member of the MacNN Forums and logged in. Please login with your MacNN Forums username and password.

    MacNN Forums Login:

    MacNN Forums Password:

    Not a member of the MacNN forums? Register now for free.