Homepage This page's url is: -crn- Rankings and Research Companies Channelcast Marketing Matters CRNtv Events WOTC Jobs HPE Zone HPE Discover 2019 News Cisco Partner Summit 2019 News Cisco Wi-Fi 6 Newsroom Dell Technologies Newsroom Hitachi Vantara Newsroom HP Reinvent Newsroom IBM Newsroom The IoT Integrator Lenovo Newsroom Lexmark Newsroom NetApp Data Fabric NetApp Insight 2019 News Cisco Live Newsroom Intel Tech Provider Zone

Apple Patches Malware-Targeted Java Bug

Apple has released a fix for multiple Java vulnerabilities that could enable criminals to execute code on a Mac without the user having to enter a password.

Apple launched Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7 almost two months after patches for the same exploits were released for Windows. Experts often criticize the Mac maker for taking too long to patch Java vulnerabilities.

Apple's delay in getting out patches has led to security vendors recommending Mac owners disable Java and use the technology only as needed. "Mac users and IT admins for Macs should review whether Java is actually needed for their usage," Wolfgang Kandek, chief technology officer for security vendor Qualys, said in the Redwood Shores, Calif.-based company's blog.

[Related: 2012 Partner Programs Guide: 5-Star Security Vendors ]

The latest Apple updates are for Mac OS X v10.6.8 and OS X Lion v10.7.3, including the sever versions. The patches fix Java 1.6.0_29. For detailed information on the flaws, Cupertino, Calif.-based Apple recommends going to the site of Java-owner Oracle.

The most serious vulnerabilities enable a cyber-criminal to execute code on a Web browser, including Apple Safari, when a person visits a compromised Web site. Crooks can run the code on a Mac without requiring the user to enter a password.

Helsinki, Finland-based F-Secure reported Monday that a variant of the Flashback malware exploiting unpatched Java on the Mac had been spotted on the Internet. Flashback, which targets the Safari and Firefox Web browsers, is designed to steal passwords to online banking and other Web sites visited by people with an infected Mac.

Back to Top



sponsored resources