The Tuesday update for OS X Lion and Mac OS X 10.6 is said to fix "multiple vulnerabilities in Java 1.6.0_29" that could allow a piece of code to be run just by visiting an offending webpage.
From Apple's support page document:
Description: Multiple vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_31. Further information is available via the Java website at http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html
The OS X Lion version of the update weighs in at 66.9MB and the Mac OS X 10.6 download comes in at 79.7MB. Both can be downloaded through Apple's support pages or via Software Update.
21 Comments
IMO this took waaay too long. Guess this is why Apple stopped bundling Java...
IMO this took waaay too long. Guess this is why Apple stopped bundling Java...
This might make sense if Apple responded to very vulnerability for every library included with Mac OS quickly. But they don't often leaving open significant vulnerabilities for a very long time.
I wonder when Android will get this update, given that nearly none of the devices run the current OS version.
I wonder when Android will get this update, given that nearly none of the devices run the current OS version.
That particular Java issue doesn't apply to Android, nor iOS for that matter AFAIK. I find no mention of it.
That particular Java issue doesn't apply to Android, nor iOS for that matter AFAIK. I find no mention of it.
The Windows version of Java got this update several weeks ago, could be a month. I suspect the vulnerabilities were over there, too, but the press kept silent about them. Only when things pop up on the Apple side will they generate enough page views to make doing the story worthwhile.