
Apple Releases Java Update to Fix New Zero-Day Vulnerability




MacRumors
Mar 4, 2013, 04:11 PM


Apple has pushed a new release of Java 6 that fixes a new vulnerability discovered just a few days ago. Somewhat confusingly, Apple delivers updates to Java 6, while Oracle delivers updates directly to Java 7 users (http://java.com/en/download/mac_download.jsp?locale=en).

InformationWeek reports (http://www.informationweek.com/security/vulnerabilities/zero-day-java-vulnerability-allows-mcrat/240149816):
"We detected a brand new Java zero-day vulnerability (http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html) that was used to attack multiple customers," FireEye security researchers Darien Kindlund and Yichong Lin said in a blog posted Thursday. "Specifically, we observed successful exploitation against browsers that have Java v1.6 update 41 and Java v1.7 update 15 installed," they said, referring to the two most recently released versions of Java 6 and Java 7.

Lion and Mountain Lion users should download Java for OS X 2013-002 (http://support.apple.com/kb/DL1572). This file updates Java SE 6 to 1.6.0_43, the latest version released by Oracle. Snow Leopard users will download Java for Mac OS X 10.6 Update 14 (http://support.apple.com/kb/DL1573?), which delivers the same version of Java 6.

The last update for both Java 6 and 7 was released in mid-February to fix a different security vulnerability (http://www.macrumors.com/2013/02/19/apple-releases-java-updates-for-os-x-updating-java-se-6-to-1-6-0_41/).

Article Link: Apple Releases Java Update to Fix New Zero-Day Vulnerability (http://www.macrumors.com/2013/03/04/apple-releases-java-update-to-fix-new-zero-day-vulnerability/)



street.cory
Mar 4, 2013, 04:14 PM
I can't wait for the day that I see "Java and Adobe Flash Discontinued" on the MR home page.

Northgrove
Mar 4, 2013, 04:21 PM
Java is like a zombie that just won't die. Aim for the head!

jlc1978
Mar 4, 2013, 04:22 PM
In other news, somebody called to d/l 4000 copies...

keysofanxiety
Mar 4, 2013, 04:28 PM
I'm sure Java's had more security issues in this past week than OS X has in a decade :p

Negritude
Mar 4, 2013, 05:19 PM
The thing I'm still wondering about is the Java 6 EOL. Is this the last update, or will Apple continue to patch via an enterprise agreement of some sort?

daneoni
Mar 4, 2013, 05:26 PM
Glad I don't have to rely on Java and consequently don't have it installed.

cntwtfrmynwmbp
Mar 4, 2013, 05:48 PM
So I thought Java 6 isn't supported anymore by Apple.

Nevertheless there is a security update every week...

When is the support from Apple going to be suspended?

Undecided
Mar 4, 2013, 06:01 PM
Java is like a zombie that just won't die. Aim for the head!

I did - poof! Wiped it off both Macs, both the plug-in and JVM.

C DM
Mar 4, 2013, 06:09 PM
The thing I'm still wondering about is the Java 6 EOL. Is this the last update, or will Apple continue to patch via an enterprise agreement of some sort?

It sounds like as long as Oracle will release updates for Java 6 (which they are probably hoping to stop, as they did with the update before this one), Apple will release them too, at the very least to keep up with the safety part that the updates would offer (since there's no chance they would be released for anything other than some sort of an exploited and/or large security issue).

kyjaotkb
Mar 4, 2013, 06:15 PM
Cool! A 50MB "critical" update !

TsMkLg068426
Mar 4, 2013, 06:35 PM
In other news, Mac OS X 10.8.3 will be available for download in a few days. :D :apple:

sexiewasd
Mar 4, 2013, 06:45 PM
I really hate/love Java. It's wonderful to code in. It stays out of your way and lets you do some really crazy/stupid things and have a lot of fun, but the downside is that it lets you do some really crazy/stupid things. It's a lot like PHP in that way, and like PHP I don't think it has any hope of ever being secure in any reasonable sense of the word. It's a shame, but I think that with Oracle at the helm, it's time to put it out of its misery.

ArtOfWarfare
Mar 4, 2013, 07:26 PM
I love quickly putting together ugly little apps for work that run on everyone's machines in Java. I understand that the apps it produces never look as nice as native OS X ones, but is it really that bad? If Java didn't run on OS X, I suspect there'd be many apps that wouldn't run on OS X, period. Few developers would decide to go through the effort of making a full OS X app just to satisfy the few people who stubbornly insist on using OS X and not having a copy of Windows emulated or something.

FloatingBones
Mar 4, 2013, 07:51 PM
I love quickly putting together ugly little apps for work that run on everyone's machines in Java. I understand that the apps it produces never look as nice as native OS X ones, but is it really that bad? If Java didn't run on OS X, I suspect there'd be many apps that wouldn't run on OS X, period. Few developers would decide to go through the effort of making a full OS X app just to satisfy the few people who stubbornly insist on using OS X and not having a copy of Windows emulated or something.

The issue is not deploying Java apps; the issue is running Java apps in the browser. If someone wants to distribute Java apps, that's fine. If Apple supported the distribution of Java code via the Mac App Store, that would be even better. Kudos to Adobe for their Flash packager for allowing Flash code to be packaged and distributed to the various App Stores.

We had some IT "professionals" say that they see no issue running Java/Flash code in the browser in other discussions here. I do not understand this casual (actually, promiscuous) attitude. It's kinda like those folks don't see the value of washing their hands when using the bathroom. :eek:

pellets007
Mar 4, 2013, 09:49 PM
Broke a lot of things for me. There's another twenty minutes down the drain, signing up for an Oracle account and downloading the previous version. Ugh. :mad:

Steve.P.JobsFan
Mar 4, 2013, 10:16 PM
In other news, somebody called to d/l 4000 copies...

I see what you did there. :p

Truffy
Mar 5, 2013, 03:20 AM
Imagine my unmitigated joy when I reinstalled CS5 recently to be informed that I needed to install Java first. :(

harrisondavies
Mar 5, 2013, 06:15 AM
6.66 MB update...that doesn't bode well.

unplugme71
Mar 5, 2013, 08:30 AM
The issue is not deploying Java apps; the issue is running Java apps in the browser. If someone wants to distribute Java apps, that's fine. If Apple supported the distribution of Java code via the Mac App Store, that would be even better. Kudos to Adobe for their Flash packager for allowing Flash code to be packaged and distributed to the various App Stores.

We had some IT "professionals" say that they see no issue running Java/Flash code in the browser in other discussions here. I do not understand this casual (actually, promiscuous) attitude. It's kinda like those folks don't see the value of washing their hands when using the bathroom. :eek:

I don't wash my hands in public restrooms, unless everything is automated. I'd rather use hand sanitizer before/after bathroom use than touch something that is probably filled with tons of bacteria. Even door handles I open using my sleeve or grab a napkin prior to walking in/out.

justperry
Mar 5, 2013, 08:46 AM
Cool! A 50MB "critical" update !

63+ on that link, but I agree, yet another download. Can't they do a supplemental download?
Doesn't show up in my SU.

I don't wash my hands in public restrooms, unless everything is automated. I'd rather use hand sanitizer before/after bathroom use than touch something that is probably filled with tons of bacteria. Even door handles I open using my sleeve or grab a napkin prior to walking in/out.

Oh, and back home you do the dishes with a sponge which has been proven to carry the most bacteria.:rolleyes:

Not washing hands :eek: dirty!

haravikk
Mar 5, 2013, 04:36 PM
I love quickly putting together ugly little apps for work that run on everyone's machines in Java. I understand that the apps it produces never look as nice as native OS X ones, but is it really that bad? If Java didn't run on OS X, I suspect there'd be many apps that wouldn't run on OS X, period. Few developers would decide to go through the effort of making a full OS X app just to satisfy the few people who stubbornly insist on using OS X and not having a copy of Windows emulated or something.
You don't have to use Java for the entire app; there are plenty of great little apps that use Java to provide all the basic functionality in the background, but use a native UI to present it; this means all you need to do is develop a native UI for each platform but can keep the basic code in Java. It's not my own favourite way of doing it, but it's one of the things that Java is good for.

It's also good for quickly developing server programs that need a bit more control than code written on a scripted platform like PHP, Ruby on Rails etc.

For applets it is just awful; the load times alone (seemingly irrespective of hardware and connection speed) make it pretty horrible, and there are just so few reasons to use Java applets for anything anymore, but unfortunately lots of in-house solutions seemingly loved it (and still do). A lot of universities seem to use it for some reason too.