Apple and Oracle issue patches for yet another Java zero-day exploitApple on Monday released an updated version of Java 6 to plug a hole that can lead to malicious software being installed on an affected user's Mac.
Oracle also released update 17 of Java 7 today after researchers discovered multiple new vulnerabilities in the software, one of which is being actively exploited in the wild.
From Oracle's release notes:
This Security Alert addresses security issues CVE-2013-1493 (US-CERT VU#688246) and another vulnerability affecting Java running in web browsers. Due to the severity of these vulnerabilities, and the reported exploitation of CVE-2013-1493 "in the wild," Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.
Java has seen an alarmingly high number of exploits since the start of the year, with Apple and Oracle both being forced to issue multiple patches to deal with ongoing issues. In mid-January, Oracle pushed out an emergency fix for a vulnerability so severe that the U.S. Department of Homeland Security recommended all Java 7 users disable or uninstall the program until a solution was found. Later that month, another exploit prompted Apple to use the XProtect anti-malware feature baked into OS X to block Java 7 from running on Macs.
Most recently, Apple pushed out an update on Feb. 19 to cope with a similar vulnerability.
The latest Java update for OS X Lion and Mountain Lion weighs in at 63.84MB, while the Snow Leopard version comes in at 69.32MB. Both can be downloaded from Apple's Support Webpage or via Software Update.
On Topic: Mac OS X
- Apple releases 8th developer, 6th public betas of OS X 10.11 El Capitan
- Apple releases Logic Pro X 10.2, MainStage 3.2 updates with Alchemy synthesizer
- VMware launches Fusion 8 with Windows 10 & OS X El Capitan support
- Apple issues sixth Xcode 7 beta to developers with minor bug fixes
- Future Chrome for Mac update may solve problems with memory, performance