

The company reacted with several measures, including blocking older versions of Flash. Earlier, Apple had made similar moves on Java, first blocking automatic execution of the Oracle plug-in, then following that with a patch that automatically disabled the plug-in if it had not been run in the past 35 days.

Wolfgang Kandek, CTO of Qualys, saw Wednesday's plug-in elimination as both a security enhancement and an attempt by Apple to push customers towards Oracle as the distributor of Java. " might be part of the migration to a Java completely provided by Oracle," said Kandek via instant message today. "It will enhance security, and reduce the number of web-accessible Java installations on Macs."

Apple stopped bundling Java with OS X starting with 2011's Lion; this year's Mountain Lion also omitted Java. The company is still responsible for patching Java 6 and earlier, but Oracle takes care of OS X users running Java 7. While Lion and Mountain Lion did not include Java, users may have installed it themselves: When a browser encounters a Java applet, OS X asks for permission to download the Oracle software. People running the older Snow Leopard (2009) and Leopard (2007) have Java installed by default.

Apple took other measures to shove Mac owners towards Oracle, including removing Java options from the Preferences window.

Along with the anti-Java plug-in maneuver, Apple also shipped two Java updates, dubbed Java for Mac OS X 10.6 Update 11 and Java for OS X 2012-006, that patched 20 critical vulnerabilities on OS X Snow Leopard, and OS X Lion and Mountain Lion, respectively.

Oracle patched the same 20 bugs - and 10 more for good measure - on Wednesday for Windows. The firm updated Java 5, 6 and 7 for Windows, and Java 7 for OS X.

Adam Gowdiak, founder and CEO of Polish security firm Security Explorations, reported most of the bugs that Oracle patched yesterday. Gowdiak has found other Java vulnerabilities in the past. Earlier this year he reported more than a dozen. Months later, hackers independently uncovered one of the bugs, then began using it in widespread attacks during August.

But neither Oracle nor Apple addressed the critical zero-day vulnerability that Gowdiak submitted to Oracle late last month. The flaw impacted OS X as well as Windows versions of the software.

According to Gowdiak, Oracle told him it had received the bug report as it was wrapping up testing of the Oct. 16 update, and was unable to work up a fix in time.

"Oracle confirm that it is on track to deliver fixes for in the next Java SE Critical Patch Update which ships in February 2013," Gowdiak wrote on his firm's bug status website.

In the hope that he could prod Oracle to act quickly last month, Gowdiak had gone public - albeit minus technical details - rather than privately reporting it to Oracle and waiting for the company to quietly patch Java.
