Oracle's fix for zero-day Java flaw to be available 'shortly' [update: released]

In response to the discovery of a Java 7 flaw that prompted Apple to disable the software in OS X, Oracle issued a statement saying it is currently working on a fix and will release the patch soon.

Oracle released the statement late Friday following a U.S. Department of Homeland Security recommendation that all Java 7 users disable or uninstall the software until a patch was issued, reports Reuters. Taking action on its own, Apple quietly disabled the plugin through its OS X anti-malware system shortly after hearing of the exploit.

The timeline for the fix is unknown; Oracle offered only a vague answer, saying, "A fix will be available shortly."

The U.S. Department of Homeland Security said that Java's most-recent vulnerability is being "attacked in the wild, and is reported to be incorporated into exploit kits."

For its part, Oracle noted in its statement that the flaw only affects the most up-to-date version of Java 7 and Java software designed to run in Internet browsers.

Java and Apple have had a rocky relationship over the past few years, including a move to drop the Java runtime from OS X 10.7 Lion's default installation when the OS debuted in 2010. Another flaw in Oracle's internet plugin was responsible for the most widespread Mac malware ever when the "Flashback" trojan reportedly affected some 600,000 OS X machines in April 2012.

Apple continued efforts to deprecate Java from OS X over the past year, culminating in the company's final official in-house Java update issued in May 2012. From that point, all responsibility for future updates was handed over to Oracle.

Update: Oracle on Sunday released a fix to a Java 7 flaw discovered on Friday. Users can download the release here.

From the release notes:

The fixes in this Alert include a change to the default Java Security Level setting from "Medium" to "High". With the "High" setting, the user is always prompted before any unsigned Java applet or Java Web Start application is run.



45 Comments

originalmacrat 19 Years · 298 comments

It would be nice if Apple put out an update for older OSes that would make it easy for novice users to completely remove Java from their Macs. (Not to be confused with the Apple update that disabled the Safari Java plugin.) While Lion and Mountain Lion don't contain Java, the OS Software Update automatically offers to install Java for the user when a Java app attempts to launch. There really needs to be a user setting to block that.

imagladry 13 Years · 105 comments

Good News!

Older versions of the Mac OS do not update V. 7 of Java. This problem is limited to the most up-to-date version of Java as stated by Oracle.

originalmacrat 19 Years · 298 comments

Quote:
Originally Posted by imagladry 

Older versions of the Mac OS do not update V. 7 of Java. This problem is limited to the most up-to-date version of Java as stated by Oracle.

THIS security problem is in Java 7.

Last year there was a similar security with Java 6.

And other security issues in versions past...

gctwnl 18 Years · 277 comments

Quote:
Originally Posted by imagladry 

Good News!

Older versions of the Mac OS do not update V. 7 of Java. This problem is limited to the most up-to-date version of Java as stated by Oracle.

Maybe not so, previous versions of Java are mentioned here too:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0422