Apple updates Java after malware spreads

Lion, Snow Leopard patched.

One day after security researchers spotted active exploits taking advantage of a gaping vulnerability in Java software running on Mac OS X machines, Apple released a fix.

The update, for both Lion (10.7.3) and Snow Leopard (10.6.8) versions of the platform, closes a dozen holes in Java 1.6.0_29, "the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox," according to Apple. That presumably refers to CVE-2012-0507, which researchers at F-Secure said Monday was being used to spread the latest variant of the password-stealing Flashback trojan.

Computers can be infected simply by users visiting a malicious web page, a scenario known as a drive-by download.

Apple acted quickly after the reports of in-the-wild exploits began surfacing. However, the computing giant waited roughly six weeks to push the patches -- released by Oracle in mid-February -- for Mac OS X.

Wolfgang Kandek, CTO of vulnerability management firm Qualys, on Tuesday urged administrators to apply the update as soon as possible.

"In addition, Mac users and IT admins for Macs should review whether Java is actually needed for their usage," he said in an email to SCMagazine.com. "If not, Java can be disabled through the 'Java Preferences' program. Just uncheck 64-bit and 32-bit versions."

Unpatched Java deployments are one of the largest malware threats facing enterprises today, according to Microsoft.

And now Macs, not just Windows machines, appear to be in the cross-hairs.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition