Apple releases Java update addressing critical vulnerability
<p>Apple has released an update for Java which addresses the recently announced vulnerability that has apparently been a long-standing bug in Java for OS X. The bug allowed for code and applications to be run as the current user, which could be dangerous
Apple has released an update for Java which addresses the recently announced vulnerability that has apparently been a long-standing bug in Java for OS X. The bug allowed for code and applications to be run as the current user, which could be dangerous if you were logged in as an adminstrator.
We discussed the problem and workarounds in our past article on the issue, but the current updates from Apple should address it completely and prevent the vulnerability from running. After applying the update, we tested the problem with the proof-of-concept java applet that we referenced in our initial article on the issue, and the applet isnt working anymore which indicates the problem has been fixed.
The updates are available via Software Update, and also from Apple's downloads page for both Tiger and Leopard users:
Information about this update can be found here: http://support.apple.com/kb/HT3581
Information about this update can be found here: http://support.apple.com/kb/HT3593
The update does not require a restart, but will require you to quit your Web browser and relaunch it for changes to take effect.
While it's been a long time coming, we're glad Apple has tackled this problem. People who have disabled Java in their Web browsers can now re-enable it again after applying this update.
UPDATE: The updates require the latest releases of their respective OS X versions to be installed. As such, people who have not updated to 10.5.7 (or 10.4.11 for Tiger users) will not be able to install this update. If you cannot update to the latest version because of some incompatibility, then we recommend you still keep Java disabled in Safari and other Web browsers.
Resources