
MacRumors

macrumors bot
Original poster


Earlier this week, we reported on a newly-disclosed vulnerability in Java SE 7 that could pose a risk for users on a wide variety of platforms, including OS X. While the real-world threat to Mac users stemming from the vulnerability is very low given that a Mac-specific exploit for the vulnerability has not been seen and only a small fraction of Mac users have manually installed Java SE 7, the incident has served as another reminder that Mac users can be vulnerable to malicious attacks.

Although Oracle was reportedly warned of the issue months ago and apparently did not take significant action to protect users until it became public, the company has now moved quickly to address the problem with today's announcement regarding the release of Java SE 7 Update 7. The release addresses the specific vulnerability disclosed earlier this week as well as several others, and the company has also released Java SE 6 Update 35 to address a separate issue with the earlier version.
If successfully exploited, these vulnerabilities can provide a malicious attacker the ability to plant discretionary binaries onto the compromised system, e.g. the vulnerabilities can be exploited to install malware, including Trojans, onto the targeted system. Note that this malware may in some instances be detected by current antivirus signatures upon its installation.
The updated versions of Java are available through Oracle's Java download page.

Article Link: Oracle Releases Patch to Address Security Vulnerability in Java 7
 
plugging up the sinking ship, sad really - java comes in quite handy, i'm guessing it will eventually be phased out from the apple environment.
 
The Mac version of the Oracle release will update itself if you launch the control panel (from System Preferences) - mine just asked me to update when I looked at it.
 
We've gotten spoiled... it's a real pain having to go to the website and download the update. Even before the App Store came to be, a lot of the Mac software I ran used the Sparkle Framework for updating in place.

It's no longer the 20th century, Oracle - there are better ways to handle updates.

Ah... per GJShaller, above, the Control Panel handles the updates. Of course the fact that the Control Panel is separate from the Java Preferences panel (which is where I'd checked) is another annoyance...
 
plugging up the sinking ship, sad really - java comes in quite handy, i'm guessing it will eventually be phased out from the apple environment.

Which is ironic, because Java has built-in protection against buffer overflows whereas C, C++, and Objective-C (Cocoa) are all vulnerable. While clunky (though it's gotten better) and ugly, Java was always a pretty safe environment.
 
Hmm, after applying the patch, Java no longer worked in Safari for me; I removed Java 7 and it worked again.
 
Built in Java 6 has text rendered retina quality. The Oracle 7 does not. This update didn't add/fix it either. :(
 
As someone who does not know about these things, should I update from 6 or just stick with the version that (apparently) was never exploited?
 
Fortunately, Java is rarely necessary. I have disabled it in all of the browsers I use at home. I'm thinking of uninstalling it altogether on my Windows systems.

Unfortunately, there are some cases where it is needed. My employer has a web-app that needs it, so it's installed on my work computer. (Version 6, though - version 7 breaks this app.) And my wife is taking an on-line college course that requires it (also version 6 only, interestingly enough.)

I wish Firefox would include the ability to allow/block Java on a per-site basis, like they do for much simpler features like pop-up window blocking. Right now, I need to use NoScript to do that, which interferes with nearly every web site on Earth (since most use some amount of JavaScript to function.)
 
so where can i get the 6-35 update (currently have the mountain lion 6-33) for mac if i don't have 7 installed?
 
Please Oracle, Java is losing more and more credibility. Mac OS already disables it and tells you that it's disabled for your security. :(
 