Wednesday, October 17, 2012

Java Security Update!
Apple's JRE 1.6 update 37 Is Available Today

[Updated 2012-10-17 @3:26 pm ET]

Be sure to update today to Apple's JRE (Java Runtime Engine) version 1.6 update 37. It restores Java for Mac back to secure usability, for the moment anyway. The update is available for OS X 10.6, 10.7 and 10.8.

This installer is DIFFERENT in that it REMOVES the Java plugin from Mac OS X. After the installation you will NOT be able to run Java in any OS X web browsers. Instead, when Java is required at a website, you will be offered the opportunity to download Oracle's version of the plugin. Here are Apple's provided notes about the installer:

Java for OS X 2012-006 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_37. 
This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a web page, click on the region labeled "Missing plug-in" to go download the latest version of the Java applet plug-in from Oracle.
Apple's 'About' pages regarding the Java updates for OS X 10.7 and 10.8 (but not 10.6) further point out that:
This update also removes the Java Preferences application, which is no longer required to configure applet settings.
You can check out a detailed analysis of the update by my colleague Topher Kessler at MacFixIt here:

Java Preferences missing after latest OS X Java update
While the Preferences utility is missing, this may be a simple oversight on Apple's part.

Cross your fingers and toes that the sandboxing in Java will stay fixed for the long term future and we won't have to worry about our Macs being PWNed simply because Java is running in our web browser.

If/when new Java security holes are discovered, I'll be posting here.

No comments:

Post a Comment