Apple Releases Fix for Critical Java Flaws

[ronjor]

Quote:

Apple has issued an update for Mac OS X installations of Java that fixes at least two critical security vulnerabilities in the software, including one flaw for which there is already a working exploit in circulation (CVE-2012-4681).

If you own a Mac, take a moment today to run the Software Update application and check if there is a Java update available. Delaying this action could set your Mac up for a date with malware. In April, the Flashback Trojan infected more than 650,000 Mac systems using an exploit for a critical Java flaw.

https://krebsonsecurity.com/2012/09/...al-java-flaws/

[ronjor]

Apple plugs Java hole, shifts away from plug-in

Quote:

By Antone Gonsalves, CSO

Apple has released a fix for a critical Java vulnerability, while also taking further steps to distance itself from the technology, which has become a major security risk in Web browsers.

Second Java zero-day vulnerability found

Apple released the fix Wednesday for Mac OS X Snow Leopard, Lion and Mountain Lion. The patches, Java for Mac OS X 10.6 Update 10 and Java for OS X 2012-005, shipped a week after Java-steward Oracle released an emergency patch.

As as of this week, more than a quarter-million computers on the Web have been infected with malware exploiting the vulnerabilities, said Atif Mushtaq, a security researcher at FireEye.

https://www.networkworld.com/news/20...ts-262233.html