Java for OS X 2013-001 Update Patches Security Vulnerability
Fresh off the news that Macs at Apple’s corporate headquarters were hacked through (yet another) Java exploit, Apple has released an update for Java that closes that hole, and also disables Java on Macs that have not used the applet in over 30 days. The update is available to all OS X users running 10.7 or 10.8 who have either not manually uninstalled or disabled Java themselves.
Labeled as Java for OS X 2013-001, the update is available now through Software Update and is recommended for all Mac users to install as soon as possible:
- Open the ļ£æ Apple menu and choose “Software Update”
- Locate and install “Java for OS X 2013-001”
The update is available through the Mac App Store for OS X Mountain Lion users.
Release notes accompanying the Java update are as follows:
Java for OS X 2013-001 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_41.
On systems that have not already installed Java for OS X 2012-006, this update disables the Java SE 6 applet plug-in. To use applets on a web page, click on the region labeled “Missing plug-in” to download the latest version of the Java applet plug-in from Oracle.
Please quit any web browsers and Java applications before installing this update.
The update is aimed to address the security exploit that was used against Apple, which was first reported by Reuters earlier today:
Apple Inc was recently attacked by hackers who infected the Macintosh computers of some employees, the company said on Tuesday in an unprecedented disclosure that described the widest known cyber attacks against Apple-made computers to date.
Unknown hackers infected the computers of some Apple workers when they visited a website for software developers that had been infected with malicious software. The malware had been designed to attack Mac computers, the company said in a statement provided to Reuters.
Other reports indicate the attack specifically created an open SSH connection on the targeted Macs, potentially allowing for remote access.
Java is frequently a source of malware and security problems on many computers, and it remains one of the few attack vectors that hackers can target Mac users through. Disabling Java system-wide and in web browsers is highly recommended for individuals who do not need it active either for development purposes or for access to certain banking websites. Those concerned about potential malware and trojans in OS X can read our article on some common sense tips to avoid infecting Macs.
Why don’t I have this update available, I’m running Mountain Lion 10.8.2 Safari 6.0.2 ?
Nobody can close a hole without borderā¦
I have one older iMac I have not upgraded yet, because I need to wipe it and do a full re-install. I’m too chicken to trust in a full restore from time machine stored on an external drive in case things go bad. So some time I will buy a new iMac and then move all the data to it and go back and re-install, but it comes out to more than just a few $$ to do that :-)
At any rate when it comes to security issues patches for software that is not really that old should be made available.
“So I guess Apple is giving up on all customers who donāt continually fork over money to upgrade to the latest revs?”
Come on it is not like OS X is expensive, it was around $20 last time i checked.
Yes, everyone stop using your computers!
You guys must be corporate IT. They live to berate people about installing software, because, gasp, they want to run software that may be useful to them.
And now for the real reason for my post.
So I guess Apple is giving up on all customers who don’t continually fork over money to upgrade to the latest revs?
The fix is free.
2x this.
Everyone do yourself a favor and uninstall Java. Unless you use Eclipse or have some bank from the 18th century, nobody needs it! Nothing but problems, every single hack against the Mac has come through Java or Flash… DISABLE BOTH and you will be safer.
uninstall Java ???
… and how can I use Photoshop CS6 ???