After being hacked, Apple pushes out Java update to patch security hole

Posted:
in Mac Software edited January 2014
Just hours after Apple announced that it too was victim to a wide-ranging malware attack, the company released a new version of Java for OS X to plug a hole in the software that can be exploited to install malware onto an affected machine.

Java Update


According to the release notes, "Java for OS X 2013-001 1.0" brings improvements to security, reliability and compatibility by updating Java SE 6 to version 1.6.0_41.
This release updates the Apple-provided system Java SE 6 to version 1.6.0_41 and is for OS X versions 10.7 or later.

This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a webpage, click on the region labeled "Missing plug-in" to go download the latest version of the Java applet plug-in from Oracle.

This update also removes the Java Preferences application, which is no longer required to configure applet settings.
Earlier on Tuesday, Apple disclosed that a limited number of employee laptops were attacked by the same group responsible for hacking social networking site Facebook. The company said there is no evidence that vital information was compromised or stolen as a result of the attack.

While not much is known about the Apple breach, the malware deployment is thought to have been disseminated through a Java zero day exploit that hit Facebook's systems late last week.

The Java update can be downloaded via Apple's Support webpage or through Software Update.
«13

Comments

  • Reply 1 of 41


    That was quick. This vulnerability must be pretty serious.

  • Reply 2 of 41
    Snow Leopard?
  • Reply 3 of 41
    This updated my 10.6 Snow Leopard.
    Went to http://www.java.com/en/download/testjava.jsp to confirm.
  • Reply 4 of 41
    gtrgtr Posts: 3,231member


    Apple not hacked.


     


    Java hacked.


     


    Again.

  • Reply 5 of 41
    jragostajragosta Posts: 10,473member
    The sooner we can kill off Java (and Flash), the better
  • Reply 6 of 41
    gtr wrote: »
    Apple not hacked.

    Java hacked.

    Again.
    Apple, Inc. hacked.
  • Reply 7 of 41
    auxioauxio Posts: 1,974member


    This line from the article is a bit curious:


     


    "This update uninstalls the Apple-provided Java applet plug-in from all web browsers."


     


    Perhaps the hackers found a way to force browsers to load the (older) Apple-provided Java applet plugin on systems which still have it installed?

  • Reply 8 of 41
    joshajosha Posts: 901member

    Quote:

    Originally Posted by auxio View Post


    This line from the article is a bit curious:


     


    "This update uninstalls the Apple-provided Java applet plug-in from all web browsers."


     


    Perhaps the hackers found a way to force browsers to load the (older) Apple-provided Java applet plugin on systems which still have it installed?





    Very good observation. That's my conclusion as well;  the old Apple Java still around.


    Now they say the web site source of this hacking has been found.   Now to hack it into doing nothing !

  • Reply 9 of 41
    mstonemstone Posts: 11,510member

    Quote:

    Originally Posted by jragosta View Post



    The sooner we can kill off Java (and Flash), the better


    Simple. Just learn to live without the powerful beneficial features those applications offer.


     


    Sort of like suggesting a ban on cars because drunk drivers kill innocent people.

  • Reply 10 of 41
    jragostajragosta Posts: 10,473member
    mstone wrote: »
    Simple. Just learn to live without the powerful beneficial features those applications offer.

    Sort of like suggesting a ban on cars because drunk drivers kill innocent people.

    Not even close.

    There's no need for Java or Flash. They are simply tools used by developers who are too lazy to do proper development.
  • Reply 11 of 41
    mstonemstone Posts: 11,510member

    Quote:

    Originally Posted by jragosta View Post



    There's no need for Java or Flash. They are simply tools used by developers who are too lazy to do proper development.


    In your opinion perhaps but I disagree. The reasons to use those tools is because no other tools exist which can provide the same functionality.

  • Reply 12 of 41


    Originally Posted by jragosta View Post

    There's no need for Java or Flash. They are simply tools used by developers who are too lazy to do proper development.


     


    Agreed, but let's say "modern development". Quite a bit of legitimate work has gone into Java items over the years. 


     


    Post-Macromedia Flash can burn for all I care. imageimage

  • Reply 13 of 41
    jragostajragosta Posts: 10,473member
    mstone wrote: »
    In your opinion perhaps but I disagree. The reasons to use those tools is because no other tools exist which can provide the same functionality.

    Nonsense. Name one thing that Java or Flash can do that no other tool can do.

    Again, it's mostly lazy developers who keep them going.
  • Reply 14 of 41


    Great. More of this Java version nightmare. Online web version checker tells me it can't detect Java. Terminal tells me Java 1.6.0_37 (why the 1 in front?). I thought I'd upgraded to Oracle Java 1.7.0_13, but maybe this was disabled. How are regular computer users supposed to cope?

  • Reply 15 of 41

    Quote:

    Originally Posted by jragosta View Post





    Nonsense. Name one thing that Java or Flash can do that no other tool can do.



    Again, it's mostly lazy developers who keep them going.


    I'm no great fan of Java or Flash. But if you mean lazy developers who use tools that make what they want to do easier, then that's a good thing. And what do you mean by doing 'proper development'? Scala maybe - but that runs in the JVM. C++?? - the worst language ever (well almost). Machine code/assembler? - horrors.


     


    Manipulating data in registers rather than high-level constructs? Well any programming model that has registers in it and exposes programmers to a memory hierarchy is fundamentally broken (Android, maybe). Registers should be a machine-level optimisation, invisible to programmers like L1, L2, L3 cache (registers are a form of cache - in fact all memory is a level of cache).


     


    At the user level, iOS gets this right - no longer do users 'save' their data out to disk. This is handled automatically by the application/OS and thus the distinction of memory levels as far as the user understands is not there. Thus main memory is just a cache for the document you are currently working on.


     


    We need that transparency of memory levels in programming models - then we'll be doing proper development (like the conceptually very simple and powerful Turing machine and hopefully passed to Apple via Alan Kay and Bob Barton who understood why programmer-visible registers are bad).

  • Reply 16 of 41
    mstonemstone Posts: 11,510member

    Quote:

    Originally Posted by jragosta View Post




    Quote:

    Originally Posted by mstone View Post



    In your opinion perhaps but I disagree. The reasons to use those tools is because no other tools exist which can provide the same functionality.




    Nonsense. Name one thing that Java or Flash can do that no other tool can do.



    Again, it's mostly lazy developers who keep them going.


    Got to love those lazy programmers who coded Google's finance application. That is probably one of the most sophisticated programs to ever run in a browser although there are others that cannot be matched using HTML5. I offered one of my own programs for example a year or two ago as an example, I won't bother reposting it as I have nothing to prove, but I suspect some members here remember my medical x-ray program. If one was to uninstall Flash player and visit the Goggle finance page you would see the best Google's engineers were able to do using JS. It is far from feature parity with the Flash version and Google's JS programmers are possibly the best in the industry. 

  • Reply 17 of 41
    jragostajragosta Posts: 10,473member
    mstone wrote: »
    Got to love those lazy programmers who coded Google's finance application. That is probably one of the most sophisticated programs to ever run in a browser although there are others that cannot be matched using HTML5. I offered one of my own programs for example a year or two ago as an example, I won't bother reposting it as I have nothing to prove, but I suspect some members here remember my medical x-ray program. If one was to uninstall Flash player and visit the Goggle finance page you would see the best Google's engineers were able to do using JS. It is far from feature parity with the Flash version and Google's JS programmers are possibly the best in the industry. 

    IOW, you can't name a single thing that Flash or Java will do that couldn't be done by some other method.
  • Reply 18 of 41
    mstonemstone Posts: 11,510member

    Quote:

    Originally Posted by jragosta View Post




     



    IOW, you can't name a single thing that Flash or Java will do that couldn't be done by some other method.


    I thought I just provided a perfectly good example of how Flash exceeds any other technology for certain applications. I agree with many others here that the unnecessary use of Flash or Java simply for the ease of development of pointless animations is stupid.


     


    Try to access the Official US Time site www.time.gov


     


    You need either Flash or Java as that is the only way to access the atomic clocks of the National Institute of Technology.

  • Reply 19 of 41
    jragostajragosta Posts: 10,473member
    mstone wrote: »
    I thought I just provided a perfectly good example of how Flash exceeds any other technology for certain applications. I agree with many others here that the unnecessary use of Flash or Java simply for the ease of development of pointless animations is stupid.

    Try to access the Official US Time site www.time.gov

    You need either Flash or Java as that is the only way to access the atomic clocks of the National Institute of Technology.

    Nonsense. You said that you could not substitute other programming languages for Flash or Java. None of your examples support your contention. In fact, that last example is just silly. There's absolutely nothing difficult about accessing atomic clocks - ANY language could easily do that.

    Even if Flash or Java might be easier for some things (which you haven't proven, btw), that's a long way from your claim that it's the only way to do those things.
  • Reply 20 of 41
    mstonemstone Posts: 11,510member

    Quote:

    Originally Posted by jragosta View Post




    Quote:

    Originally Posted by mstone View Post



    I thought I just provided a perfectly good example of how Flash exceeds any other technology for certain applications. I agree with many others here that the unnecessary use of Flash or Java simply for the ease of development of pointless animations is stupid.



    Try to access the Official US Time site www.time.gov



    You need either Flash or Java as that is the only way to access the atomic clocks of the National Institute of Technology.




    Nonsense. You said that you could not substitute other programming languages for Flash or Java. None of your examples support your contention. In fact, that last example is just silly. There's absolutely nothing difficult about accessing atomic clocks - ANY language could easily do that.



    Even if Flash or Java might be easier for some things (which you haven't proven, btw), that's a long way from your claim that it's the only way to do those things.


    Ok then please refer me to the better finance app than Google's and the better way to access the atomic clocks than time.gov and I will use those applications instead. I'm happy to give up Flash and Java as long as there is an equivalent platform to replace it.

Sign In or Register to comment.