The Java vulnerability discovered in August has prompted Apple to issue their own patch for Mac OS X customers. According to this security announcement, the free update for Java for OS X 2012-005 and Java for Mac OS X 10.6 in all Mac OS versions from Snow Leopard to date is available immediately.
The company decided to release its own patch for the Java 0-day vulnerability discovered in August. The fix is therefor available for Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion 10.8 or later.
Particularly important is that these Java updates are designed to configure Mac usersâ€™ web browsers so they wonâ€™t automatically run Java applets, but rather inform users which page requires Java and mark the placeholder as “Inactive plug-in” on a web page. If the user trusts the content, they have to click it to activate it.
Appleâ€™s take on restricting the execution of Java content by default, along with the note that â€œdevelopers should not rely on the Apple-supplied Java runtime being present in future versions of OS Xâ€ is another warning sign that the Cupertino-based vendor has had enough from third-party plug-ins.Â In April, OS X customers were hit by the Flashback Trojan, a piece of malware that also exploited a mega-flaw in Java and that is still affecting users who havenâ€™t updated their vulnerable build.
Apple informs its users that â€œupdating to Java version 1.6.0_35â€ is â€œan opportunity for security-in-depth hardeningâ€ and for details redirects them also to Oracleâ€™s official webpage hosting a recently released emergency security patch for the controversial CVE-2012-4681 vulnerability and two others in Java 7 running in web browsers on desktops.
Standalone Java desktop applications and Java running on servers were not vulnerable.
Apple officials note that Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10 â€œmay be obtained from the Software Update pane in System Preferences, or Apple’s Software Downloads web site: http://www.apple.com/support/downloads/â€ while further â€œinformation will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222â€.