Never miss an update Follow AppleInsider
Thursday, August 30, 2012, 05:29 pm
Oracle issues patch for latest Java security flaw
Oracle on Thursday released a patch for the Java 1.7 runtime, plugging a recently discovered security hole that allowed malware to take over any operating system when a user visits a malicious website.In an update to its "CVE-2012-4681" security alert, Oracle addressed three separate vulnerabilities and one "security-in-depth" issue affecting Java 7.
It was reported on Monday that a new zero-day exploit had been discovered and proven to be effective within the Java 1.7 runtime, which includes the latest Java 7 update, in browsers on any operating system.
According to researchers, the flaw allows malware to breach the security of a Mac or PC by having a user visit a compromised website hosting the attack code. Because Java came bundled with older versions of OS X like Leopard or Snow Leopard, Macs running the legacy software are potentially more vulnerable to the attack than those with the latest 10.8 Mountain Lion.
Apple removed Java from OS X last year with the release of 10.7 Lion after a security flaw in Oracle's software allowed the infamous Flashback trojan to affect a reported 600,000 Macs. As a safety precaution, users must now authenticate browser requests to download and install Java, proactively blocking potential exploits.
From Oracle's alert:
If successfully exploited, these vulnerabilities can provide a malicious attacker the ability to plant discretionary binaries onto the compromised system, e.g. the vulnerabilities can be exploited to install malware, including Trojans, onto the targeted system. Note that this malware may in some instances be detected by current antivirus signatures upon its installation.
The patch for Java 1.7 can be downloaded directly from Oracle's website, while more information about the security issues can be found at the company's security page..
On Topic: General
- Google's Motorola issues second appeal of ITC case dismissal against Apple
- South Australia's first Apple Store draws line hours ahead of opening [u}
- Rains once more cause damage at Apple's Fifth Avenue NY store
- Steve Jobs's family has been giving money away anonymously for more than 2 decades
- Judge says evidence will likely show Apple culpable in e-book price fixing case
Previous Comments View All
I downloaded the original Java 7 package from Oracle and couldn't get the first web-based Java financial calculator to work when it worked fine under Java 6. I removed Java 7 per Oracle's instructions and Safari saw the original Java 6 and the calculator ran fine. I'll wait until Apple actually releases a Java 7 package that works. I know Oracle is supposed to be supplying the JRE but if this is how they supply it, I'm not happy.
I don't think I'll bother with installing Java first, just for this patch.
If I ever get the "install Java" prompt it makes the decision not to visit the site that initiates it a whole lot easier.
really? Thats very interesting
This vulnerability only affects Java 7... Java 7 doesn't even run on any Mac OS X older than 10.7 Lion. Please tell me how these legacy Macs running Java 5 or 6 is somehow more vulnerable to a Java 7 attack?
Default Prompted install of Java for 10.7 and 10.8 is still Java 6 as well. To get Java 7 on 10.7 or 10.8 you have to manually go get the installation package from somewhere like java.com.
EDIT:
ok, last I looked this was a java 7 only vulnerability.. now it looks like they say it affects Java 6 Update 34 and earlier as well, so Java 6 is NOT safe.
I'll wait until Apple actually releases a Java 7 package that works. I know Oracle is supposed to be supplying the JRE but if this is how they supply it, I'm not happy.
Apple isn't doing Java VMs anymore. They stopped with Java 6.
Latest Apple Headlines
-
iPad shipments could see first ever year-on-year decline in Q2, analyst says
~1 hour ago -
Google's Motorola issues second appeal of ITC case dismissal against Apple
~3 hours ago -
iPhone urinalysis app draws scrutiny from FDA
~4 hours ago -
South Australia's first Apple Store draws line hours ahead of opening [u}
~4 hours ago -
Best Buy to offer $50 off all iPhone 5 & 4S models starting Sunday
~7 hours ago - more...
Want to write for AppleInsider? Submit your application now!
Lowest Prices Anywhere!
| Model | Price | You Save |
|---|---|---|
| Core i5 MacBook Pros w/ Retina | ||
| 13" 2.5GHz/8GB/128GB | $1,406.48 | $292.52 |
| 13" 2.5GHz/8GB/256GB | $1,479.99 | $519.01 |
| 13" 2.5GHz/8GB/512GB | $1,699.99 | $799.01 |
| Core i7 MacBook Pros w/ Retina | ||
| 13" 2.9GHz/8GB/256GB | $1,599.99 | $599.01 |
| 13" 2.9GHz/8GB/512GB | $1,799.99 | $899.01 |
| 15" 2.3GHz/8GB/256GB | $1,899.99 | $299.01 |
| 15" 2.6GHz/8GB/512GB | $2,299.99 | $568.01 |
| 15" 2.7GHz/16GB/768GB | $2,699.99 | $499.01 |
| Model | White | Black | |
|---|---|---|---|
| iPad mini (WiFi only) | |||
| 16GB WiFi |  |
$329.99 | $329.99 |
| 32GB WiFi | |
$429.99 | $429.99 |
| 64GB WiFi | |
$529.99 | $529.99 |
| iPad mini (WiFi + 4G) | |||
 |
 |
 |
|
| 16GB 4G White | $459.99 | $459.99 | $459.99 |
| 32GB 4G White | $559.99 | $559.99 | $559.99 |
| 64GB 4G White | $659.99 | $659.99 | $659.99 |
| 16GB 4G Black | $459.99 | $459.99 | $459.99 |
| 32GB 4G Black | $559.99 | $559.99 | $559.99 |
| 64GB 4G Black | $659.99 | $659.99 | $659.99 |
Ahhh.
Super Fast.
And Easy Peasy