Apple issues Java update to tackle zero day

Summary:Apple has begun protecting its users against the recent Java zero-day vulnerabilities by rolling out its own patches.

Apple has now released its own patches for OS X users, in order to tackle the Java zero-day vulnerabilities that were discovered at the end of last month.

The security updates are available for Mac OS X Snow Leopard, Lion and Mountain Lion systems, due to there now being "an opportunity for security-in-depth hardening". In Apple's security bulletin, the company refers to Oracle's own security alert for CVE-2012-4681, and recommends users apply either the Java for Mac OS X 10.6 Update 10 or Java for OS X 2012-005, depending on the user's operating system. These patches will update Java to version 1.6.0_35, the equivalent of the latest version of Java 6.

Java 7 is only available on Macs if users have downloaded it directly from Oracle, rather than using Apple's software updater. Users running the latest version of Java 6 on OS X are not vulnerable to the alleged sandbox bypass vulnerability that was discovered in the most recent Java 7 Update 7 patch.

Apple has stated that it will provide further information on the patch on its Apple security updates page, but at the time of writing, this had not been updated.

Topics: Apple, Malware, Oracle, Security

About

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.