Apple pushed out a Java update for its Snow Leopard, Lion and Mountain Lion systems Wednesday, fixing vulnerabilities Oracle tackled in last week’s emergency CVE-2012-4681 patch. Both Java for Mac OS X 10.6 Update 10 and Java for OS X 2012-005 update the Java SE 6 plugin and, in what might be a sign of Apple’s growing displeasure with the platform, help configure browsers to not automatically run Java applets.

“If no applets have been run for an extended period of time, the Java web plug-in will deactivate,” reads a release on Apple’s support site.

Last week Oracle released Java 7, update 7, to address a critical vulnerability in the platform that was used by attackers. While that update fixed the two bugs, it also triggered the release of a new bug, according to Security Explorations’ Adam Gowdiak, Threatpost reported.

In April the Flashback Trojan became a thorn in the side of many Apple users after it infected scores of Macs and exploited a critical Java flaw. Apple went on to patch the flaw, yet variants of the Trojan continued to pop up that affected Mac users running old and vulnerable versions of the software.

Apple, of course, has washed its hands of Java, so to speak, yet it is electing to update builds of its OS X operating system that continue to run it.

Per usual, the OS X updates can be applied via Apple’s Software Update function or from the company’s download page.


Comments (2)

  1. WHH

    Any comment about the Register story that the Apple patch still does not address the flaws currently being exploited?


  2. Anonymous

    Wrong version, WHH: the currently-exploitable flaws everyone is discussing these days are with Java 7, and Apple does not have a version of Java 7 at all. This was an update to version 6.
