Apple has released Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7. The updates address the vulnerability in Java exploited by the Flashback.K trojan. The latest variant of. This tutorial describes how to update Java 6 on Mac OS X. The update in this tutorial updates Apple's Java 6 to Update 35 to bring it in parity with Oracle's Java 6 Update 35. Apple Downloads.
Apple has released Java updates for Mac OS X 10.6, 10.7.x and 10.8.x. There’s good news and bad news with these updates, so I’m going to lead off with the good news.
Good news: updates Java SE 6 to 1.6.0_37 and otherwise has the same behavior of Java for Mac OS X 10.6 Update 10. If you’re using to make sure that the Java plug-in is active for your web browsers, I’ve verified that this script continues to work. Bad news: uninstalls the Apple-provided Java applet plug-in from /Library/Internet Plug-Ins, which means that web browsers will not be able to launch Java applets from inside the browser. It also removes the Java Preferences application from /Applications/Utilities. The rest of the Java 6 framework is still installed, so CrashPlan and other applications that use Java 6 outside of a browser will still work fine. However, if you try to access a Java application in a web browser, you will see a Missing Plug-In message.
The fix is to click on the Missing Plug-In message and be directed to Oracle’s for Mac OS X. From there, the Java installer will need to be downloaded and installed. It’s important to note that this process no longer taps into Apple’s Software Update mechanism to install Java. Instead, you would download a disk image from the Oracle website and install an installer package stored inside the disk image. Update –: Apple has released a KBase article on how to re-enable the Apple-provided Java SE 6 applet plug-in and Web Start functionality: Deployment: Oracle’s installer can be installed silently from the command line and does not require a reboot.
Oracle has built in a Sparkle-based update mechanism. If you need to update multiple Macs, you should be able to distribute the Oracle Java installer package using your system management tools. Any tool that can install a standard Apple installer package should be able to distribute the new Java installer. From what I can tell, we can disable the update check by placing a file at: /Library/Application Support/Oracle/Java/Deployment/deployment.properties with the contents: deployment.macosx.check.update=false Normally all Oracle’s Java plugin preferences would be stored in the user’s home (followed by the path above), but it seems that preferences can first be overridden here. Once this is set, if I open the Java control panel, the “Check for Updates Automatically” checkbox is unchecked.
It still does a check right then upon opening the panel, but I’d hope this should at least prevent it from checking in the background and prompting the user. For reference, here’s Java 6 documentation on deployment overrides, though I don’t know how much of this is still valid for 7. I wasn’t able to find an equally-detailed list for 7. It looks like Apple’s JavaAppletPlugin.plugin is just a symlink to /System/Library/Java/Support/CoreDeploy.bundle/Contents/JavaAppletPlugin.plugin. The 2012-006 update just deletes that symlink.
Takes Java up to 1.6.0_31 Here's the list of the goodness:Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7 Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3, Lion Server v10.7.3 Impact: Multiple vulnerabilities in Java 1.6.0_29 Description: Multiple vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_31. Further information is available via the Java website at CVE-ID CVE-2011-3563 CVE-2011-5035 CVE-2012-0497 CVE-2012-0498 CVE-2012-0499 CVE-2012-0500 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507.
If you haven't already, now is also a good time to disable Java inside of your browser. Java exploits are real and there's really no benefit in having Java inside of your bowser (except if you want to be distracted by useless applets on pages from 1995). Apple should disable Java inside of Safari by default. It's really surprising that they still ship a browser with that crap turned on.
0 kommentar(er)
