Printed from http://www.electronista.com

Apple promotes Java 6 SE fix through Software Update

updated 07:22 pm EDT, Tue October 16, 2012

Patches zero-day exploit for Snow Leopard, Lion, ML

Though recent versions of OS X no longer ship with a Java plug-in -- and Apple has ceased developing its own versions and left compatibility to Java owner Oracle -- the company is pushing an updated version of Oracle's latest release of Java SE 6 (version number 1.6.0 build 37) through its own Software Update mechanism. The update fixes a critical "zero-day" exploit reported at the end of last month and is available as separate releases for OS X 10.6, and OS X 10.7 and higher.

For Snow Leopard users, the update is referred to as Java for Mac OS X 10.6 Update 11. Currently the support page download link goes back to the previous update from September (Update 10), but it is available through Software Update. As with the previous update, it configures web browsers not to automatically run Java applets, and instead creates a sort of "Java blocker" on web pages that can be manually overridden by clicking on an area labelled "inactive plug-in." It will also deactivate the Java web plug-in if no applets have been run for "an extended period of time."

The Lion and Mountain Lion version of the update is called "Java for OS X 2012-006" and like the Snow Leopard version, it offers "improved security, reliability and compatibility" but doesn't specify exactly what has changed. The accompanying note says that the update will uninstall any old Apple-provided Java applet plug-ins from all web browsers, and replace it with the "inactive plug-in" blocker described above. Users who click on the "inactive" button will be prompted to download the latest version of the Java plug-in directly from Oracle. The update also removes the Java Preferences application, which is no longer required to configure applet settings.

Oracle, in its release notes for the new version, says that the v1.6.0_37 update adds the compromised Cisco AnyConnect Secure Mobility Client to its blacklist, and closes two bugs related to the zero-day exploit, which affects all versions of Java including Java 7, though this patch is aimed only at Java SE 6. An update for Java 7 (update 9) is available as well for users running Java SE 7 on Macs, but at present is only available directly from Oracle.

Most users Java SE 5, which is also affected by the exploit, is no longer updated and little-used. Users running pre-Snow Leopard Macs or outdated versions of Java are strongly advised to disable the web plug-in and seek alternatives for Java uses or update their systems if possible.




By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. benji888

    Fresh-Faced Recruit

    Joined: 10-16-12

    I'm confused, I just happened to click on software update today and this came up. It seems like it is uninstalling Java?? Now I have to get it from Oracle, no longer included w/Apple's OS? ...So what version should I install? The latest Java 6? or Java 7? (I have Lion on a mid-2010 macbook pro)

  1. chas_m

    MacNN Staff

    Joined: 08-04-01

    No, it does not uninstall Java (if you have it installed at all -- Lion didn't come with it, and if you don't use any programs that require Java, you've likely not even noticed that it's "missing"). It UPDATES the Java you may have installed (if present) but DISables the web plug-in until you run across something that actually requires it. Then you are prompted to click to reactivate, or if you don't have Java on board you'll be asked if you want to install it and the latest version will be downloaded for you.

    Bottom line: relax.

    As for which one, I'd suggest just letting Apple take care of that when the need arises, but if you want to you can download Java SE 7 from Oracle's web site (that's the latest one) using the link seen in the story (next to last paragraph).

  1. benji888

    Fresh-Faced Recruit

    Joined: 10-16-12

    I thought Apple was going to stop taking care of Java for us? Like Flash? ...I thought Java was used on most websites? ...in any case. OK. I'll just get the latest from oracle. thx.

  1. chas_m

    MacNN Staff

    Joined: 08-04-01

    Apple HAS stopped taking care of Java for us ... updates come from Oracle. But Apple has an obligation to push out security-based updated like this one.

    Flash continues to work fine on Macs, and you get it directly from Adobe. Apple *did* push out a fix for the "Flashback" worm a while back that exploited Flash, but regular updates you get from Adobe.

    Java not used on that many websites anymore, in part because performance is poor, in part because it generally looks ugly, and in part because of security concerns. Some sites and programs still use Java, depends on where you go what your perception of how widespread Java is, but overall use has declined.

    Get the update from Apple or the latest from Oracle, either way you should be good to go now. Of course, future security issues may arise, so pay attention to Java-related stories if you're going to run Java on your Mac. Cheers.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Crucial MX100 256GB SATA-3 SSD

While the price-per-gigabyte ratio for magnetic platter-based hard drives can't be beat, the speed that a SSD brings to the table for ...

Narrative Clip

With the advent of social media technology, people have been searching for new ways to share the events of their daily lives -- be it ...

Blue's Mikey Digital

Blue Microphones, a company that makes some of the most popular digital USB microphones among podcasters and musicians, has for some t ...

Sponsor

toggle

Most Commented

 
toggle

Popular News