Monday, February 4, 2013

Java Vulnerabilities being addressed by Oracle and Apple.

In recent weeks, there has been too much concern about Java vulnerabilities, where certain critical security flaws has made Java Runtime Environment a much more popular target for attackers.

Because of this, Oracle fast tracked the issue of Critical Patch Update in Feb. 2013 whereas originally the patch was due to be released on 19 Feb 2013.

This Critical Path Update Advisory contains 50 new security fixes for several products, including Java 5.0 update 38, 6 update 38 (and earlier) and the most recent JRE 7 update 11 and previous versions.

Oracle said the massive patch was brought forward due to "active exploitation in the wild of one of the vulnerabilities affecting the Java Runtime Environment in desktop browsers".

Apple, at the same time, has released updates for this Mac Computers including consumer focused operating system "Mac OS X" as well as enterprise / IT focused operating System "Mac OS X Server"

The updates are for several version of Apple Mac OS X operating system.

If you are running OS X v10.6.8 Snow Leopard, these updates could be downloaded from Apple Software Updates on your Mac Operating System and once all available updates are download, additional updates might become available as well.

If you are running OS X Lion v10.7.5 or OS X Mountain Lion v10.8.2 or later:

Use one of these methods:

  • For a new installation of Java 7:

  1. Download the latest Java 7 version from
  2. Open the downloaded disk image.
  3. Open the installer within and follow the onscreen instructions.
  • If Java 7 is already installed:
  1. Choose Apple menu > System Preferences….
  2. Choose View > Java to open the Java Control Panel app.
  3. Click the Update tab.
  4. Click Update Now button and follow the onscreen instructions.
If you are reading tech journalism recently, you would have come across people arguing about disabling Java in your web browser and enabling it only and only if you find it absolutely necessary to do so.

In fact Apple has gone a step ahead, and on systems that have not already installed Java for Mac OS X 10.6 update 9 or later, this update will configure web browsers to not automatically run Java applets. You may re-enable Java applets by clicking the region labeled "Inactive plug-in" on a webpage. If no applets have been run for an extended period of time, the Java web plug-in will deactivate.