
Apple and Oracle issue patches for yet another Java zero-day exploit

post #1 of 20
Thread Starter 
Apple on Monday released an updated version of Java 6 to plug a hole that can lead to malicious software being installed on an affected user's Mac.


Oracle also released update 17 of Java 7 today after researchers discovered multiple new vulnerabilities in the software, one of which is being actively exploited in the wild.

From Oracle's release notes:

This Security Alert addresses security issues CVE-2013-1493 (US-CERT VU#688246) and another vulnerability affecting Java running in web browsers. Due to the severity of these vulnerabilities, and the reported exploitation of CVE-2013-1493 "in the wild," Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.


Java has seen an alarmingly high number of exploits since the start of the year, with Apple and Oracle both being forced to issue multiple patches to deal with ongoing issues. In mid-January, Oracle pushed out an emergency fix for a vulnerability so severe that the U.S. Department of Homeland Security recommended all Java 7 users disable or uninstall the program until a solution was found. Later that month, another exploit prompted Apple to use the XProtect anti-malware feature baked into OS X to block Java 7 from running on Macs.

Most recently, Apple pushed out an update on Feb. 19 to cope with a similar vulnerability.

The latest Java update for OS X Lion and Mountain Lion weighs in at 63.84MB, while the Snow Leopard version comes in at 69.32MB. Both can be downloaded from Apple's Support Webpage or via Software Update.
post #2 of 20

Pest Control one java at a time.

An Apple man since 1977
post #3 of 20

I'm going to have to quit my job so I can keep up with the updates!

post #4 of 20

Patches are a fact of life in the software industry.  That being said, come on Oracle!  Get with the program!

post #5 of 20
Both Adobe and Oracle really need to get their shit together. This is absolutely ridiculous!

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

post #6 of 20

Strange fact: Even tho Android is frequently claimed as having Java at its root, it's immune to these Java exploits. Android users are unaffected.

melior diabolus quem scies
post #7 of 20
I just find this so confusing.
I thought Apple was leaving all Java "stuff" directly to Oracle from now on. Why is Apple still taking responsibility for this; and why Java 6, when Oracle is producing Java 7?
I mean... wtf
post #8 of 20
Quote:
Originally Posted by Gatorguy View Post

Strange fact: Even tho Android is frequently claimed as having Java at its root, it's immune to these Java exploits. Android users are unaffected.

Android doesn't run a JVM. It uses java syntax back end but compiles to a custom VM for efficiency reasons, among others. So, yes, issues affecting java are distinct to systems running a JVM, but Dalvik (custom VM) has its own concerns. Any ubiquitous software will be targeted by malicious people.
post #9 of 20
Why does my comment have a spoiler alert? I'd blame it on java, but this is from an iPhone.
post #10 of 20
Originally Posted by DeanSolecki View Post
Why does my comment have a spoiler alert? I'd blame it on java, but this is from an iPhone.

 

You hit the spoiler button, is all. It dropped in blank formatting that you then fill with something you don't want to show up automatically.

 

Warning: Spoiler! (Click to show)

It's ugly and huge, isn't it? Way larger than it needs to be.

Originally Posted by Slurpy

There's just a TINY chance that Apple will also be able to figure out payments. Oh wait, they did already… …and you’re already fucked.

 

post #11 of 20
Quote:
Originally Posted by Tallest Skil View Post

You hit the spoiler button, is all. It dropped in blank formatting that you then fill with something you don't want to show up automatically.
Warning: Spoiler! (Click to show)
It's ugly and huge, isn't it? Way larger than it needs to be.

Aww. I already had my heart set on blaming it on Java. Although now I get to blame it on cryptic ribbons.

Thanks for the explanation.
post #12 of 20
There is a simple fix, first dump Java from your Mac. Don't use Safari, use Google Chrome as they have Java built in (sandboxed). If concerned about your bookmarks then use "Xmarks"
I've been doing it this way for months, works perfect, oh and get rid of Flash, another wasted resource. Have a nice Java free day!
post #13 of 20
Originally Posted by TosaMan View Post
…first dump Java from your Mac. Don't use Safari, use Google Chrome as they have Java built in…

 

I'm confused. So use Java?


…oh and get rid of Flash, another wasted resource.


You're using Chrome. You're using Flash.

Originally Posted by Slurpy

There's just a TINY chance that Apple will also be able to figure out payments. Oh wait, they did already… …and you’re already fucked.

 

post #14 of 20
Quote:
Originally Posted by TosaMan View Post

There is a simple fix, first dump Java from your Mac. Don't use Safari, use Google Chrome as they have Java built in (sandboxed). If concerned about your bookmarks then use "Xmarks"
I've been doing it this way for months, works perfect, oh and get rid of Flash, another wasted resource. Have a nice Java free day!

 

You are mistaking Java with Flash. Chrome has Flash built in, not Java. In fact, the new Java 7 doesn't even work with Chrome (on Mac), so you actually would be dumping Java. But if you're using Chrome, you're using Flash, too. Nice try, though.

post #15 of 20

Chrome has Java built in, don't bother asking me how or why, all I know is that Java is part of Google Chrome.  When Chrome is updated, so are the components that allow Java to function within Chrome ONLY.  Also Chrome has its own version of Flash, read this: http://tidbits.com/article/13545

 

My current version of Google Chrome is: 25.0.1364.99

Bottom line is all I know it works!  (Mac OSX 10.8.2)

post #16 of 20
Quote:
Originally Posted by TosaMan View Post

There is a simple fix, first dump Java from your Mac. Don't use Safari, use Google Chrome as they have Java built in (sandboxed). If concerned about your bookmarks then use "Xmarks"
I've been doing it this way for months, works perfect, oh and get rid of Flash, another wasted resource. Have a nice Java free day!

Unfortunately the USPTO website uses java for its private login.  Therefore, all patent attorneys have to have access to Java.

post #17 of 20
Quote:
Originally Posted by TosaMan View Post

Chrome has Java built in, don't bother asking me how or why, all I know is that Java is part of Google Chrome.

Chrome does not have Java built in. You're probably using the Apple supplied Java 6 on your computer.

JLL

95% percent of the boat is owned by Microsoft, but the 5% Apple controls happens to be the rudder!
post #18 of 20
Quote:
Originally Posted by macxpress View Post

Both Adobe and Oracle really need to get their shit together. This is absolutely ridiculous!

Don't hold your breath. The industry loves to claim exemption from accountability by claiming complexity and bugs as "normal."
post #19 of 20
Quote:
Originally Posted by ash471 View Post

Unfortunately the USPTO website uses java for its private login.  Therefore, all patent attorneys have to have access to Java.

Government websites are the worst of all. Just about 20 minutes ago I sent a notice to a local government website to tell them that the page I was on had a link to a Japanese page instead of my borough's website. On top of that, the text box for the subject of the message considered a comma to be a "special character", AND the length was limited to a ridiculously short character limit. And on top of that, the message text box behaved really badly on my iPhone.

I've never found government websites to be even slightly reasonable; forget sensible. Whatever the java requirement is for the USPTO site, I bet you it's about "secure log in," yet the java product itself is fundamentally insecure and a major failure point. Plus, I've yet to use a single java applet or program that didn't feel slow, look ugly, and fail to operate with any sense of normality in context to the OS it was run on and the purpose it supposedly provided.
post #20 of 20
http://m.tuaw.com/2012/10/22/java-7-and-chrome-dont-play-well-together/

This covers most of the relevant information. Basically, you only need java if you NEED java, and if you do, your browser will tell you, or a specific application will (otherwise, don't install the plugin.)