Apple Patches Java Security Flaws in Mac OS X
The patches address the vulnerabilities fixed by Oracle's recent emergency update.
"If you own a Mac, take a moment today to run the Software Update application and check if there is a Java update available," advises Krebs on Security's Brian Krebs. "Delaying this action could set your Mac up for a date with malware. In April, the Flashback Trojan infected more than 650,000 Mac systems using an exploit for a critical Java flaw. Java for Mac OS X 10.6 Update 10 and Java for OS X 2012-005 are available for Java installations on OS X 10.6, OS X Lion and Mountain Lion systems, via Software Update or from Apple Downloads."
"Mac users should note that both these Java updates will configure their web browsers to not automatically run Java applets," writes Softpedia's Eduard Kovacs. "However, users can re-enable these by clicking the region labeled 'Inactive plug-in' on a web page."
"The most straightforward advice in the midst of this confusion is for users to uninstall Java, or at minimum disable Java-related browser plugins, standard advice from many security firms before the arrival of Oracle's emergency fix last week," writes The Register's John Leyden. "Most mainstream sites, with the exception of a few e-banking sites don't need Java in order to work. Users could use an alternative browser for such sites after disabling Java on their main browser, a move that would greatly reduce their exposure to danger."