Apple issues Java update to tackle zero day

Apple has begun protecting its users against the recent Java zero-day vulnerabilities by rolling out its own patches.

Apple has now released its own patches for OS X users, in order to tackle the Java zero-day vulnerabilities that were discovered at the end of last month.

The security updates are available for Mac OS X Snow Leopard, Lion and Mountain Lion systems, due to there now being "an opportunity for security-in-depth hardening". In Apple's security bulletin, the company refers to Oracle's own security alert for CVE-2012-4681, and recommends users apply either the Java for Mac OS X 10.6 Update 10 or Java for OS X 2012-005, depending on the user's operating system. These patches will update Java to version 1.6.0_35, the equivalent of the latest version of Java 6.

Java 7 is only available on Macs if users have downloaded it directly from Oracle, rather than using Apple's software updater. Users running the latest version of Java 6 on OS X are not vulnerable to the alleged sandbox bypass vulnerability that was discovered in the most recent Java 7 Update 7 patch.

Apple has stated that it will provide further information on the patch on its Apple security updates page, but at the time of writing, this had not been updated.


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All