Apple and Oracle issue patches for yet another Java zero-day exploitApple on Monday released an updated version of Java 6 to plug a hole that can lead to malicious software being installed on an affected user's Mac.
Oracle also released update 17 of Java 7 today after researchers discovered multiple new vulnerabilities in the software, one of which is being actively exploited in the wild.
From Oracle's release notes:
This Security Alert addresses security issues CVE-2013-1493 (US-CERT VU#688246) and another vulnerability affecting Java running in web browsers. Due to the severity of these vulnerabilities, and the reported exploitation of CVE-2013-1493 "in the wild," Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.
Java has seen an alarmingly high number of exploits since the start of the year, with Apple and Oracle both being forced to issue multiple patches to deal with ongoing issues. In mid-January, Oracle pushed out an emergency fix for a vulnerability so severe that the U.S. Department of Homeland Security recommended all Java 7 users disable or uninstall the program until a solution was found. Later that month, another exploit prompted Apple to use the XProtect anti-malware feature baked into OS X to block Java 7 from running on Macs.
Most recently, Apple pushed out an update on Feb. 19 to cope with a similar vulnerability.
The latest Java update for OS X Lion and Mountain Lion weighs in at 63.84MB, while the Snow Leopard version comes in at 69.32MB. Both can be downloaded from Apple's Support Webpage or via Software Update.
On Topic: Mac OS X
- Apple adds server-to-server web service requests to CloudKit
- Apple updates Final Cut Pro X, Compressor and Motion with new features
- Public beta testers get Apple's second build of OS X 10.11.4
- Apple seeds OS X 10.11.4 to developers with minor bug fixes
- Apple updates Logic Pro X, MainStage 3 pro apps with new features and enhancements