Today Apple released their Java update for users of OS X 10.6 Snow Leopard. It is listed as 'Java for Mac OS X 10.6 Update 12'. The version of Java provided is 6u39, AKA Java 1.6 Update 39.
Apple's Java update is available via Software Update from within OS X 10.6.
For the moment, you can also download 10.6 Update 12 at the link below. HOWEVER, please note that ALL the information on the page is WRONG and out-of-date. (0_o) Hopefully this will be corrected by the time you visit the page. For now, only use the page for the download link! Ignore everything else and just click the 'download' button:
http://support.apple.com/kb/DL1573
At this time, there is no security information available about this update at Apple's website. Apple has so far failed to update their 'Apple security updates' page with this update. (0_o) Hopefully they will have caught up with themselves by the time you visit their security page:
http://support.apple.com/kb/HT1222
Thankfully, Apple has emailed the security details about this update, which I have provided below:
APPLE-SA-2013-02-01-1 Java for Mac OS X v10.6 Update 12
Java for Mac OS X v10.6 Update 12 is now available and addresses the following:
Java
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Multiple vulnerabilities in Java 1.6.0_37
Description: Multiple vulnerabilities exist in Java 1.6.0_37, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_39. Further information is available via the Java website at:
http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html
CVE-ID
CVE-2012-3213
CVE-2012-3342
CVE-2013-0351
CVE-2013-0409
CVE-2013-0419
CVE-2013-0423
CVE-2013-0424
CVE-2013-0425
CVE-2013-0426
CVE-2013-0427
CVE-2013-0428
CVE-2013-0429
CVE-2013-0432
CVE-2013-0433
CVE-2013-0434
CVE-2013-0435
CVE-2013-0438
CVE-2013-0440
CVE-2013-0441
CVE-2013-0442
CVE-2013-0443
CVE-2013-0445
CVE-2013-0446
CVE-2013-0450
CVE-2013-1473
CVE-2013-1475
CVE-2013-1476
CVE-2013-1478
CVE-2013-1480
CVE-2013-1481
Java for Mac OS X 10.6 Update 12 may be obtained from the Software Update pane in System Preferences or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
The download file is named: JavaForMacOSX10.6.dmg
Its SHA-1 digest is: 0c790491ca22ee009086ee1ec1f1b358024dd83e
Information will also be posted to the Apple Security Updates web site:
http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at:
https://www.apple.com/support/security/pgp/
________________________________
Security-announce mailing list
(Security-announce@lists.apple.com)
Well, I've followed this subject, more or less, all along. While the complete wrongness of Oracle, with Apple not enough better, has been pretty clear throughout, I retain a little residual confusion at this point.
Does this release mean that they appear to have *fixed* *the* *problem*, and not just provided a workaround for the users to apply? That the thing now works (or is said to) without any problems that were known before this date?
I understand that the info on the download page was totally wrong, and I suppose that it is still so; hence the explanation about how it *disables* Java is totally wrong, right?
There are problems here with not quite knowing for sure whether I'm seeing the totally wrong version or a revised version. A guide to "how to know whether the info you see is still unfixed nonsense" might help the less informed users. Thanks for listening, and especially for following this mess.