Skip to main content

Apple Releases Java For OS X Security Patch

Apple has pushed out a security update for Java on OS X 10.6 and 10.7 (with support for previous versions being discontinued).

The patch is aimed at defeating Flashback, a trojan horse which was first spotted in September of last year. Initially it was disguised as a fake Flash Player, then a fake security certificate, and last weekend another variant emerged taking advantage of a fresh Java vulnerability.

This new patch addresses that latter flaw, and is available via Software Update for systems with Java installed. Alternatively, you can snag it from the Apple support site (opens in new tab).

On its support page, Apple noted: "Multiple vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_31."

Previously Apple has come under fire for its slow response in keeping Java secure, but this time around, the reaction has been commendably swift. How long it will be before another variant of Flashback emerges, however, we'll just have to see.

Source: CNet (opens in new tab)

Darren Allan
Contributor

Darran has over 25 years of experience in digital and magazine publishing as a writer and editor. He's also an author, having co-written a novel published by Little, Brown (Hachette UK). He currently writes news, features and buying guides for TechRadar, and occasionally other Future websites such as T3 or Creative Bloq and he's a copy editor for TechRadar Pro. Darrran has written for a large number of tech and gaming websites/magazines in the past, including Web User and ComputerActive. He has also worked at IDG Media, having been the Editor of PC Games Solutions and the Deputy Editor of PC Home.