“Oracle has released two major security updates addressing a number of vulnerabilities in Java for Mac OS and its Windows browser plugin,” Alastair Stevenson reports for V3. “The firm released the patches on Tuesday. The main browser update addresses 42 vulnerabilities while the second Apple patch fixes 21 security flaws.”
“Trend Micro security spokesman Rik Ferguson told V3 that the patches are important as they address several flaws that could be used by cyber criminals to mount attacks on businesses using Java,” Stevenson reports. “‘The vast majority of them are to do with remote exploitation without authentication, which in layman’s terms means that if you land on a compromised or malicious website, then the attacker can run code on your machine (infect you),’ said Ferguson. ‘There is an associate patch from Apple (they maintain their own Java for Mac OS) which addresses 21 of the vulnerabilities listed in the Oracle release and a separate security update for Safari which allows the user to only enable Java on a per site basis.’”
Stevenson reports, “Java has become an increasingly popular target for cyber criminals. Since the start of 2013 numerous Java-based exploits have been uncovered by security researchers.”
MacDailyNews Note: The following updates are available via Software Update and also as standalone installers. More info and download links:
• Java for OS X 2013-003: Java for OS X 2013-003 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_45. – 63.92 MB
• Safari 5.1.9 for Snow Leopard: Safari 5.1.9 allows users to enable the Java plug-in for Safari on a website-by-website basis. – 48.40 MB
• Java for Mac OS X 10.6 Update 15: Java for Mac OS X 10.6 Update 15 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_45. – 69.39 MB