Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Apple patches Mac Java zero-day bug

Computerworld staff | April 5, 2012
Apple yesterday released a Java update for Mac owners that fixes a dozen security flaws, including one that has been exploited by attackers for at least two weeks.

A version number will appear, or the message "No Java runtime support, requesting install" if Java is not on the Mac.

Users can also disable the Java plug-in from their browsers. (Security company Rapid7 has created a short video describing how to do that in Safari, Chrome and Firefox on the Mac.)

Java vulnerabilities are not new, but they've been off most hackers' to-do lists for some time.

"It continues to pop up as a major vector about once a year and then all of a sudden there is an 'oh crap' moment ... get your Java patched now," said Andrew Storms, director of security operations at nCircle Security, in an interview via instant messaging today. "Java is not on my radar very often, but when it does hit the screen, it's a big deal."

And Storms thought he knew why: Java just isn't what it used to be.

"More people are getting Adobe products up to date [than Java] because Adobe patches more often, so it's fresh in the mind and gets more news coverage," said Storms.

Storm has a point: Adobe has already patched its popular Flash Player, for example, three times this year.

Wisniewski urged users of Mac OS X 10.5 -- nicknamed Leopard -- and earlier to immediately disable the Java plug-in. Apple no longer supports those editions with security updates, including patches for Java.

According to Web metrics company Net Applications, Lion and Snow Leopard powered about 82% of all Macs that went online last month, leaving about one in five Mac users in the Leopard-or-earlier pool.


Previous Page  1  2 

Sign up for Computerworld eNewsletters.