Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: Apple Java Update APPLE-SA-2013-02-19-1 Java for OS X 2013-001 and Mac OS X v10.6 Update - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apple Java Update APPLE-SA-2013-02-19-1 Java for OS X 2013-001 and Mac OS X v10.6 Update

Apple has also provided an update for JAVA http://www.apple.com/support/downloads/ Update 13 addresses a number of security issues and should be applied to Apple systems sooner rather than later.  Details on what the java update fixes can be found here http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html

Not sure whether this addresses the issue that has been reported in relation to the breach of apple, which according to the articles I've seen have been atributed to a java issue.

Mark H

Mark

391 Posts
ISC Handler
I installed JDK 7 U13 from the Oracle(Sun) site yesterday to do some Java development with Eclipse. I just got prompted a minute ago to update to U15 ... So are Oracle and Apple fighting over the versions, or what..
Anonymous
Yup... Oracle also released an update today: https://blogs.oracle.com/security/entry/updates_to_february_2013_critical

This is getting batty...
Anonymous
I am wondering how big enterprises are dealing with this Java mess. Could we ask people to share their experiences, trying to test/certify these updates in large enterprises? Is any large enterprise even thinking of disabling java plug-in in primary browsers, with a workaround for apps needing plug-in?
Anonymous
Any comments on claims by traditional AV vendors about their ability to detect Java zero-day related exploits?
http://www.symantec.com/connect/blogs/additional-protection-recent-java-zero-day
Anonymous
@ilango_al - It's a complete mess!! I wish we could disable it!!

One of our application environments requires it, and Oracle finally released the patch a coupla weeks ago that allows their own software package to work with their own Java v7!! We couldn't have Java v7 installed at all, and when Java v6's auto-updater started prompting to upgrade to v7 not too long ago that was another mess....not to mention that it ripped out v6 along the way... :-P
K-Dee

63 Posts

Sign Up for Free or Log In to start participating in the conversation!