Apple Releases Update to Java for OS X to Version 1.6.0_31

Thats good to hear, was a little concerned for a minute

MacRumors said:

Apple hasn't updated its security page with details of the fixes in the update, but it may fix the vulnerability detailed across the web in recent days.

Click to expand...

It does fix this.

The security details have just been released via the apple-security-announce mailing list:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and
Java for Mac OS X 10.6 Update 7

Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now
available and addresses the following:

Java
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.3, OS X Lion Server v10.7.3
Impact: Multiple vulnerabilities in Java 1.6.0_29
Description: Multiple vulnerabilities exist in Java 1.6.0_29, the
most serious of which may allow an untrusted Java applet to execute
arbitrary code outside the Java sandbox. Visiting a web page
containing a maliciously crafted untrusted Java applet may lead to
arbitrary code execution with the privileges of the current user.
These issues are addressed by updating to Java version 1.6.0_31.
Further information is available via the Java website at http://www.o
racle.com/technetwork/java/javase/releasenotes-136954.html
CVE-ID
CVE-2011-3563
CVE-2011-5035
CVE-2012-0497
CVE-2012-0498
CVE-2012-0499
CVE-2012-0500
CVE-2012-0501
CVE-2012-0502
CVE-2012-0503
CVE-2012-0505
CVE-2012-0506
CVE-2012-0507


Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7
may be obtained from the Software Update pane in System Preferences,
or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.6 systems
The download file is named: JavaForMacOSX10.6.dmg
Its SHA-1 digest is: f76807153bc0ca253e4a466a2a8c0abf1e180667

For OS X Lion systems
The download file is named: JavaForOSX.dmg
Its SHA-1 digest is: 176ac1f8e79b4245301e84b616de5105ccd13e16

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQEcBAEBAgAGBQJPezVqAAoJEGnF2JsdZQee7gIIALa7b5hVTKL7kOXF7EYT6wjx
VnAmxoQbjEwpBkdzPzqqhCQ303/iBdLdHr2O/yxdaX0tFuB+5+4iInPU2t6O+PNh
7iJ3rhQszzIj5q/qGDXyzIQEjurNfvrEKAxQ3T7uj1At+n/9YVBaw8p6i+HopbRc
Fo6Jrxy0Qf/MyeGO4lqxht2Aq8omh+pEBNP68EglqrJp/CjZTYGaFAHVGvnm8/gA
wjcpIRQBacXcBCJ3K8pZhuQvXhm+GVLWYgc2KGsZ/l7jbQX5Bi67b7CFf7lBHlyd
V7ss6N/0T/O3nspdhg+jhnvcaia1Ow3GikC/707NNkM8Dm3lm0DFVMBBgpNvPcU=
=Pf96
-----END PGP SIGNATURE-----

Now I feel A lot safer!!

Good News ! Makes me feel safer on viewing a lot of web pages!

SMOHKK85 said:

Good News ! Makes me feel safer on viewing a lot of web pages!

Click to expand...

Are you getting confused with Javascript?

Java ( applets) isn't used frequently on websites these days.

Just downloaded and installed the update without issue. I wish Apple was a bit more proactive with the security patches, as it seems that Mac users are left vulnerable longer than our Windows brethren.

If you use Xcode and upload apps to the App Store, don't install this Java update yet as it will break uploading to the Mac App Store (possibly iOS also). It breaks both Xcode App Store uploading and Application Loader uploading.

Not in su for me.

I like that it fixes CVE-2012-0507, which neither MITRE nor NVD list yet... (Yes, I know how CVEs work, it's just funny seeing one patched before it's even public!)

lupinglade said:

If you use Xcode and upload apps to the App Store, don't install this Java update yet as it will break uploading to the Mac App Store (possibly iOS also). It breaks both Xcode App Store uploading and Application Loader uploading.

Click to expand...

Care to mention the source for this information?

Wirelessly posted

What is java used for

Confused about Java

I don't see this in my software update. Is it that I don't have Java installed? Is is something you need to install, and doesn't come standard with Lion?

When going to Utilities, I do see "Java Preferences," but when I click it, it says I need Java runtime, and asks me to install. I have been able to go to websites without any problems, so is this something that I need to install?

Thanks for all the help

nsshah85 said:

I don't see this in my software update. Is it that I don't have Java installed? Is is something you need to install, and doesn't come standard with Lion?

When going to Utilities, I do see "Java Preferences," but when I click it, it says I need Java runtime, and asks me to install. I have been able to go to websites without any problems, so is this something that I need to install?

Thanks for all the help

Click to expand...

You don't need it.

nsshah85 said:

I don't see this in my software update. Is it that I don't have Java installed? Is is something you need to install, and doesn't come standard with Lion?

When going to Utilities, I do see "Java Preferences," but when I click it, it says I need Java runtime, and asks me to install. I have been able to go to websites without any problems, so is this something that I need to install?

Thanks for all the help

Click to expand...

Java is installed on demand these days. If you run an app that needs Java, Mac OS will let you know, otherwise, don't worry about it.

What is this "Java" thing?

Finally. RE6 gave me no end of grief.

Not sure I am understanding this Java update but when I look in my Safari plug in it still says 1.6.0_29 but when I go to Java app on Lion after updating the Java it says 1.6.0_31 Java update broken?

Thanks

Dainin said:

You don't need it.

Click to expand...

Dragado said:

Java is installed on demand these days. If you run an app that needs Java, Mac OS will let you know, otherwise, don't worry about it.

Click to expand...

Thanks for the input. Definitely cleared it up for me. Appreciate it

TsMkLg068426 said:

Not sure I am understanding this Java update but when I look in my Safari plug in it still says 1.6.0_29 but when I go to Java app on Lion after updating the Java it says 1.6.0_31 Java update broken?

Click to expand...

It says 1.6.0.29 on my Safari Plugin too but 1.6.0.31 in the Java Preferences.

nsshah85 said:

When going to Utilities, I do see "Java Preferences," but when I click it, it says I need Java runtime, and asks me to install. I have been able to go to websites without any problems, so is this something that I need to install?

Thanks for all the help

Click to expand...

Yeah, I believe the UI wrapper for configuring the runtime is always present, but if you don’t have it, you don’t get the install prompt.

...and if you don’t have the JRE installed, you won’t get a system update for Java.

fruitycups said:

Wirelessly posted

What is java used for

Click to expand...

Java is a programming language, it was pretty big at one point, one of the big advantages was that it compiled to an intermediate code that’s interpreted, so it allowed for “write once, run everywhere”, particularly as a client application.

It’s also used in backend services, and in fact, we did quite a bit of Java using J2EE (it’s an enterprise framework that provides DB/messaging/etc.), also did some client apps (wrote a CMS back in the late 90’s, I think it’s still in the Sun or Oracle catalog archives).

It was easy to distribute Java apps through a web interface, so you got centralized app management combined with a rich client environment.

Android apps can also be written in Java which let’s them be run on different CPU architectures and such. Since they’re run through a runtime interpreter (that’s the JRE that’s mentioned in the OSX configuration app, Java Runtime Engine), they’re [generally] not as fast as native code.

There’s still some client apps written in it like VPN/remote access apps, and things like the Oracle DB dev tool. It’s kind of few and far between for client apps, but still in reasonably decent use for the web (any sites you see running *.jsp are Java based backends).

Syntactically C# borrows quite a bit from Java (one reason I went from Java to C#).

Wirelessly posted

Whats java?

fruitycups said:

Wirelessly posted

Whats java?

Click to expand...

http://en.wikipedia.org/wiki/Java_(programming_language)

D.T. said:

Java is a programming language, it was pretty big at one point,

Click to expand...

Was? It still --IS-- the most popular programming language on the planet, with Android and the ENTIRE enterprise market as its main strongholds.

Also, it is more than just a programming language or a simple framework. It is a full operating system-independent software platform.

But yes, C# and .NET are nice. And thanks to the people behind Mono, very interoperable with Java.

I'm glad this fix has been released relatively quickly. At this point, I don't care which operating system is more secure. I'm happy with OS X and how it fits into the workflow. The real enemy are those hackers and unscrupulous people trying to steal personal info or whatever they plan to do with their malware.

Wasn't supposed that java would be updated from the manufacturer (aka Oracle) just like in every other OS, for OS X Lion and forth ? Why is Mac version still maintained by apple unlike everyone else ?