Apple has begun protecting its users against the recent Java zero-day vulnerabilities by Apple has begun protecting its users against the recent Java zero-day vulnerabilities by rolling out its own patches. rolling out its own patches.
Apple has now released its own patches for OS X users, in order to tackle the Apple has now released its own patches for OS X users, in order to tackle the Java zero-day Java zero-day vulnerabilities vulnerabilities that were discovered at the end of last month. that were discovered at the end of last month.
The security updates are available for Mac OS X Snow Leopard, Lion and Mountain Lion The security updates are available for Mac OS X Snow Leopard, Lion and Mountain Lion systems, due to there now being "an opportunity for security-in-depth hardening". In systems, due to there now being "an opportunity for security-in-depth hardening". In Apple's Apple's security bulletin security bulletin , the company refers to Oracle's own security alert for , the company refers to Oracle's own security alert for CVE-2012-4681 CVE-2012-4681 , and , and recommends users apply either the Java for Mac OS X 10.6 Update 10 or Java for OS X recommends users apply either the Java for Mac OS X 10.6 Update 10 or Java for OS X 2012-005, depending on the user's operating system. These patches will update Java to 2012-005, depending on the user's operating system. These patches will update Java to version 1.6.0_35, the equivalent of the latest version of Java 6. version 1.6.0_35, the equivalent of the latest version of Java 6.
Java 7 is only available on Macs if users have downloaded it directly from Oracle, rather than Java 7 is only available on Macs if users have downloaded it directly from Oracle, rather than using Apple's software updater. Users running the latest version of Java 6 on OS X are not using Apple's software updater. Users running the latest version of Java 6 on OS X are not vulnerable to the alleged vulnerable to the alleged sandbox bypass vulnerability sandbox bypass vulnerability that was discovered in the most that was discovered in the most recent Java 7 Update 7 patch. recent Java 7 Update 7 patch.
Apple has stated that it will provide further information on the patch on its Apple has stated that it will provide further information on the patch on its Apple security Apple security updates updates page, but at the time of writing, this had not been updated. page, but at the time of writing, this had not been updated.
Would love to here from you...