Apple patches Java 6 for OS X Snow Leopard, Lion

Duplicates the defense-in-depth change Oracle issued last week

By , Computerworld |  Security, Apple, java

Apple today issued a Java update for OS X Lion and Snow Leopard to make it more difficult for hackers to exploit other vulnerabilities.

The update brought Java 6 up to par with Oracle's version 35, which it released last Thursday, Aug. 30. Oracle's so-called "out-of-band," or emergency patch, fixed three bugs in Java 7 that hackers had already begun exploiting, and made one change to Java 6.

"[The latter] represents a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited," Oracle said in its advisory of a week ago.

Apple was required to provide the defense-in-depth update because it still maintains Java 6, which it bundled with 2009's OS X Snow Leopard and offered to users running 2011's Lion as an optional download when they encountered a Java applet on the Web.

However, Apple is not responsible for Java 7; the company handed back control of the software to Oracle in 2010. The OS X patches for the three Java 7 flaws, then, were produced by Oracle and shipped last week alongside the fixes for the Windows version of Java 7.

Today's Java patch was the first Apple update for OS X Snow Leopard since June 12. Although Snow Leopard still powers about a third of all Macs, Apple has likely halted security updates for that edition. If Apple follows past practice, it will continue to update a small group of homegrown and third-party components -- iTunes, Java, QuickTime and Safari -- in Snow Leopard for several months.

Java 6 version 35 can be downloaded from Apple's website for OS X Snow Leopard and Lion. Users running Java can also wait for Software Update to notify them that the Java download is available.


Originally published on Computerworld |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

SecurityWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness