Bug allows untrusted Java applet to execute arbitrary code outside the Java sandbox
After blocking the latest version of Java from OS X Mountain Lion, Apple is now patching the Snow Leopard implementation with Java for Mac OS X v10.6 Update 12. As Oracle is fixing a bug it should have taken care of a long time ago, Apple is taking matters into its own hands, releasing Java for Mac OS X v10.6 Update 12, which “delivers improved security, reliability, and compatibility for Java SE 6.”
Superseding all previous versions of Java for Mac OS X v10.6, Java for Mac OS X v10.6 Update 12 is provided as a free download on Apple’s Support site. A direct download link is also available below.
The release updates the system Java SE 6, which Apple itself provided in the past for Mac OS X v10.6, to version 1.6.0_39.
The Cupertino giant explains that, “On systems that have not already installed Java for Mac OS X 10.6 update 9 or later, this update will configure web browsers to not automatically run Java applets.”
“You may re-enable Java applets by clicking the region labeled ‘Inactive plug-in’ on a webpage. If no applets have been run for an extended period of time, the Java web plug-in will deactivate,” says Apple.
A security advisory on the company’s Support site reveals that Java 1.6.0_37 contains multiple vulnerabilities, one of which “may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.”
Apple explains that “Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.”
Java version 1.6.0_39 addresses these issues as described on the Java website at http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html.
Download Java for Mac OS X 10.6 Update 12 (Free)