“An opportunity for security-in-depth hardening is addressed”

Sep 6, 2012 09:40 GMT

Apple has released its own patches for OS X users affected by a zero-day vulnerability in Oracle’s Java platform that was discovered in August. Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10 are free updates for all Mac OS versions starting with Snow Leopard.

The Cupertino, California-based Apple Inc. reveals in a security bulletin that Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10 are now available for Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, and OS X Mountain Lion 10.8 or later.

“An opportunity for security-in-depth hardening is addressed by updating to Java version 1.6.0_35,” the Mac maker notes, directing customers to Oracle’s site for more information.

Oracle explains that the flaws don’t apply to Java running on servers or standalone Java applications. Oracle server-based software is also unaffected.

However, a cybercriminal can potentially exploit the flaws remotely, “without authentication, i.e., they may be exploited over a network without the need for a username and password.”

“To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability,” Oracle explains. “Successful exploits can impact the availability, integrity, and confidentiality of the user's system.”

Oracle urges customers to apply the updates “due to the severity of these vulnerabilities.”

For its part, Apple instructs Mac users on how to obtain the new Java releases.

“Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/,” according to the fruity company in Cupertino, California.

Mac users should note that both of these Java updates will configure their web browsers to not automatically run Java applets. However, users can re-enable applets by clicking the region labeled "Inactive plug-in" on a web page.
