Apple patches Java 6 for OS X Snow Leopard, Lion
Duplicates the defense-in-depth change Oracle issued last week
Computerworld - Apple today issued a Java update for OS X Lion and Snow Leopard to make it more difficult for hackers to exploit other vulnerabilities.
The update brought Java 6 up to par with Oracle's version 35, which it released last Thursday, Aug. 30. Oracle's so-called "out-of-band," or emergency patch, fixed three bugs in Java 7 that hackers had already begun exploiting, and made one change to Java 6.
"[The latter] represents a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited," Oracle said in its advisory of a week ago.
Apple was required to provide the defense-in-depth update because it still maintains Java 6, which it bundled with 2009's OS X Snow Leopard and offered to users running 2011's Lion as an optional download when they encountered a Java applet on the Web.
However, Apple is not responsible for Java 7; the company handed back control of the software to Oracle in 2010. The OS X patches for the three Java 7 flaws, then, were produced by Oracle and shipped last week alongside the fixes for the Windows version of Java 7.
Today's Java patch was the first Apple update for OS X Snow Leopard since June 12. Although Snow Leopard still powers about a third of all Macs, Apple has likely halted security updates for that edition. If Apple follows past practice, it will continue to update a small group of homegrown and third-party components -- iTunes, Java, QuickTime and Safari -- in Snow Leopard for several months.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.
- What makes OS X Mavericks so special?
- Apple's WWDC set for June 10-14, hints at fall launch of next iPhone
- Mountain Lion mauls other OS X editions for top spot
- Apple consistently convinces customers to upgrade OS X
- Apple to kill Messages beta for OS X Lion next month
- OS X Mountain Lion's torrid upgrade pace cools
- Apple rolls out iOS 6, upgrades Mountain Lion
- Apple patches Java 6 for OS X Snow Leopard, Lion
- OS X Mountain Lion grabs 20% share of all Macs
- Apple's Mountain Lion clears 10% bar, now runs 1 in 10 Macs
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Gartner Report: A Guide to Gartner's Enterprise Mobile Security Self-Assessment Gartner introduces a model and a Toolkit intended to help mobility and security IT leaders assess their enterprise mobility programs from a security...
- Gartner Report: Containing Mobile Security Risks With the 80/20 Rule IT planners can deliver better mobile protection with higher user satisfaction by segmenting users into risk groups before committing to specific management or...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts