In a recent Support Note, Apple said that update addresses a recently-identified vulnerability with the Java web plug-in. For those systems with OS X Lion and Mountain Lion, Apple suggests that customers make sure that they are running the latest version of Java 7, and then update Java through the Java Control Panel app.
According to Intego's Mac Security Blog, the update modifies the XProtect component of OS X, aka File Quarantine, to block outdated versions of the Java browser plug-in — in other words, those vulnerable to the vulnerability.
The minimum required version of Apple’s Java plug-in for Snow Leopard is now 13.9.7 (Java 6 Update 51), up from 13.9.5 (Java 6 Update 45). Apple provides its own version of Java for Snow Leopard and has continued to release security updates for it.
On Lion and Mountain Lion, the minimum version of Apple’s Java plug-in has increased from 14.7.0 (which corresponds with Oracle’s Java 7 Update 21) to 14.8.0 (which corresponds with Java 7 Update 25). Beginning with Lion, Apple no longer bundles Java with OS X; it is now a third-party offering available from Oracle.
Enable Java in your web browser only when you need to run a Java web app.
Confine your web browser only to the websites that need the Java web app. Do not open any other websites while the Java web plug-in is enabled.
When you are done, disable the Java web plug-in.
No comments:
Post a Comment