SANS ISC: Apple Java Updates for Mac OS X

• SANS Site Network
  • Current Site
  • SANS Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

SANS ISC InfoSec Forums

This Java security update removes the most common variants of the Flashback malware. "Java for OS X Lion 2012-003 delivers Java SE 6 version 1.6.0_31 and supersedes all previous versions of Java for OS X Lion." [1] Apple recommends that all Mac users install this update where Java is installed.

OS X Lion v10.7.3, OS X Lion Server v10.7.3
Impact: The Java browser plugin and Java Web Start are deactivated if they remain unused for 35 days

For OS X Lion systems
Download file: JavaForOSX.dmg

Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3, OS X Lion Server v10.7.3
Impact: A Flashback malware removal tool will be run

For Mac OS X v10.6 systems
Download file: JavaForMacOSX10.6.dmg

Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 is available via the Software Update pane in System Preferences or via the Apple web site here.

[1] http://support.apple.com/kb/HT5242

[2] http://www.apple.com/support/downloads/

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu