Apple launched Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7 almost two months after patches for the same exploits were released for Windows. Experts often criticize the Mac maker for taking too long to patch Java vulnerabilities.
Apple's delay in getting out patches has led to security vendors recommending Mac owners disable Java and use the technology only as needed. "Mac users and IT admins for Macs should review whether Java is actually needed for their usage," Wolfgang Kandek, chief technology officer for security vendor Qualys, said in the Redwood Shores, Calif.-based company's blog.
[Related: 2012 Partner Programs Guide: 5-Star Security Vendors ]
The latest Apple updates are for Mac OS X v10.6.8 and OS X Lion v10.7.3, including the sever versions. The patches fix Java 1.6.0_29. For detailed information on the flaws, Cupertino, Calif.-based Apple recommends going to the site of Java-owner Oracle.
The most serious vulnerabilities enable a cyber-criminal to execute code on a Web browser, including Apple Safari, when a person visits a compromised Web site. Crooks can run the code on a Mac without requiring the user to enter a password.
Helsinki, Finland-based F-Secure reported Monday that a variant of the Flashback malware exploiting unpatched Java on the Mac had been spotted on the Internet. Flashback, which targets the Safari and Firefox Web browsers, is designed to steal passwords to online banking and other Web sites visited by people with an infected Mac.
related stories
Video
trending stories
sponsored resources

Cysurance
Cyber Insurance 360

EPOS
EPOS

Fujifilm
Fujifilm

Dell Technologies
Dell Technologies Storage Learning Center

Mimecast
Mimecast

Carbonite
Cloud Storage 360

Application Integration 360

Hitachi Vantara
Hitachi Vantara

Dell Technologies
Dell Technologies Cloud Learning Center

Tenable
Cyber Risk 360

Webroot
Webroot Learning Center

NPD
Industry Trends 360

BlackBerry
BlackBerry Learning Center

Symantec
Symantec Business Security Learning Center

Sherweb
Sherweb

Acer
Remote Workforce 360

APC by Schneider Electric
Digital Services for Edge Learning Center

Channel Chief Showcase

StorageCraft
Disaster Recovery Learning Center

Vertiv
Edge Computing Learning Center

Wasabi
Wasabi

Dell Technologies
Dell Technologies Hybrid Cloud Learning Center

Cradlepoint
5g for Business 360

Comm100
Collaboration & Communications 360

Veeam
Veeam

Smart 3rd Party
3rd Party Maintenance 360

Sophos
Sophos Cybersecurity Learning Center

Trend Micro
Trend Micro Learning Center

VMware

HubStor
Cloud Backup 360

eSentire
Managed Detection and Response 360

Comcast Business
Comcast Business Learning Center
