Never miss an update Follow AppleInsider
Tuesday, April 03, 2012, 06:30 pm
Apple pushes out Java security update
Apple has released a security update to plug a number of holes that allowed malicious software to run on a user's Mac outside of the Java sandbox.The Tuesday update for OS X Lion and Mac OS X 10.6 is said to fix "multiple vulnerabilities in Java 1.6.0_29" that could allow a piece of code to be run just by visiting an offending webpage.
From Apple's support page document:
Description: Multiple vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_31. Further information is available via the Java website at http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html
The OS X Lion version of the update weighs in at 66.9MB and the Mac OS X 10.6 download comes in at 79.7MB. Both can be downloaded through Apple's support pages or via Software Update.
On Topic: Software
- Avid announces Pro Tools 11 and Media Composer 7 for Mac & PC
- Adobe releases Lightroom 4.4 and Camera Raw 7.4 after month of testing
- New release candidates for Adobe's Lightroom and Camera Raw bring bug fixes, added camera support
- Apple to lock iOS app screenshots upon submission to halt scammers
- Firefox 18 launches with support for Retina display Macs
Previous Comments View All
IMO this took waaay too long. Guess this is why Apple stopped bundling Java...
This might make sense if Apple responded to very vulnerability for every library included with Mac OS quickly. But they don't often leaving open significant vulnerabilities for a very long time.
I wonder when Android will get this update, given that nearly none of the devices run the current OS version.
I wonder when Android will get this update, given that nearly none of the devices run the current OS version.
That particular Java issue doesn't apply to Android, nor iOS for that matter AFAIK. I find no mention of it.
That particular Java issue doesn't apply to Android, nor iOS for that matter AFAIK. I find no mention of it.
The Windows version of Java got this update several weeks ago, could be a month. I suspect the vulnerabilities were over there, too, but the press kept silent about them. Only when things pop up on the Apple side will they generate enough page views to make doing the story worthwhile.
The Windows version of Java got this update several weeks ago, could be a month. I suspect the vulnerabilities were over there, too, but the press kept silent about them. Only when things pop up on the Apple side will they generate enough page views to make doing the story worthwhile.
Yeah, the vulnerability applied to all desktop OSes. It was fixed for all but OS X back in mid February.
This goes to show why Apple did the right thing by handing over Mac Java to Oracle and getting out of the game of rolling their own JDK/JRE.
Apple has always been quite late in updating Java, not just for major releases, but for security fixes as well. This has always been the case, even when Apple was gung ho on Java in the early 2000's.
Due to their previous commitments, they still have an obligation to maintain the Java releases within that commitment, including Java 6. Once Oracle distributes Java 7 for Mac and Java 6 falls into disuse (free support will be discontinued by Oracle in Nov 2012), then Apple will be totally off the hook.
What I don't understand is why Apple took this long to hand over support to Oracle, or Sun when it was still a separate company.
Yeah, the vulnerability applied to all desktop OSes. It was fixed for all but OS X back in mid February.
Then it obviously wouldn't apply to Android or iOS. Thank you sir.
Fantastic, I am glad they finally fixed Java's security flaws in the Mac OS X implementation, monthly for the last ten or twelve years. 
I guess I don't have java installed since the updater says I have nothing to update.
Is there an advanatage to installing java? Does it make web surfing better in any way?
Latest Apple Headlines
-
Editorial: Apple's iOS 7 needs exclusive, distinctive features, not just a flat UI
~12 hours ago -
iPad shipments could see first ever year-on-year decline in Q2, analyst says
~1 day ago -
Google's Motorola issues second appeal of dismissed ITC case against Apple
~1 day ago -
iPhone urinalysis app draws scrutiny from FDA
~1 day ago -
South Australia's first Apple Store draws line hours ahead of opening [update: photos and video]
~1 day ago - more...
Want to write for AppleInsider? Submit your application now!
Lowest Prices Anywhere!
| Model | Price | You Save |
|---|---|---|
| Core i5 MacBook Pros w/ Retina | ||
| 13" 2.5GHz/8GB/128GB | $1,406.48 | $292.52 |
| 13" 2.5GHz/8GB/256GB | $1,479.99 | $519.01 |
| 13" 2.5GHz/8GB/512GB | $1,699.99 | $799.01 |
| Core i7 MacBook Pros w/ Retina | ||
| 13" 2.9GHz/8GB/256GB | $1,599.99 | $599.01 |
| 13" 2.9GHz/8GB/512GB | $1,799.99 | $899.01 |
| 15" 2.3GHz/8GB/256GB | $1,899.99 | $299.01 |
| 15" 2.6GHz/8GB/512GB | $2,299.99 | $568.01 |
| 15" 2.7GHz/16GB/768GB | $2,699.99 | $499.01 |
| Model | White | Black | |
|---|---|---|---|
| iPad mini (WiFi only) | |||
| 16GB WiFi |  |
$329.99 | $329.99 |
| 32GB WiFi | |
$429.99 | $429.99 |
| 64GB WiFi | |
$529.99 | $529.99 |
| iPad mini (WiFi + 4G) | |||
 |
 |
 |
|
| 16GB 4G White | $459.99 | $459.99 | $459.99 |
| 32GB 4G White | $559.99 | $559.99 | $559.99 |
| 64GB 4G White | $659.99 | $659.99 | $659.99 |
| 16GB 4G Black | $459.99 | $459.99 | $459.99 |
| 32GB 4G Black | $559.99 | $559.99 | $559.99 |
| 64GB 4G Black | $659.99 | $659.99 | $659.99 |
IMO this took waaay too long. Guess this is why Apple stopped bundling Java...