Mac Security: XProtect Update Obviates Java Exploit [u]
There’s a serious Java vulnerability that could indeed affect Mac security. The feds advise disabling Java because the vulnerability is being actively exploited in the wild and that upwards of 850 million computers are vulnerable. Meanwhile Oracle is promising that a fix will be released in short order.
In the here and now, the Department of Homeland Security (DHS), the people that put on security theater at the airport, has issued an alert stating that anyone with Java installed should disable it. Moreover, the security issue affects Java 4 through Java 7, says the National Vulnerability Database.
“We are currently unaware of a practical solution to this problem,” said the DHS’ Computer Emergency Readiness Team (CERT). “This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available.”
DHS, unaware? Say it isn’t so. But fear not, intrepid Mac users, because Apple in its infinite wisdom has done something brilliant — updated OS X’s integrated security app, XProject, to prevent anything but Java 1.7.0_10-b19, which hasn’t been released yet, from running automatically.
So, when Oracle gets its act together, XProtect will again allow Java to automatically run when needed.
[u] Oracle has issued a fix that’s available from Oracle, though hasn’t yet appeared in the Mac App Store.
Further, assuming that you have Java installed on your Mac and haven’t used it in the last 90 days, OS X already automatically disabled it.
Mac Security: Trust with Verification
To check that your Mac has received the XProtect update, which Apple delivered via a background push update on Thursday, January 10, get Adam Christenson’s Safe Download Version (image above).
So, Apple’s XProtect, which is part of OS X 10.6.x, 10.7 and 10.8, obviates this new Java security issue automatically as along as you’re connected to the internet. The Macintosh, it just works…
What’s your take?
Related posts:
— Firefox 18 Gives Good JS, Thunderbird Gets a Bump
— Mac Java Update: JRE SE 7 1.7.0_10 is OS X 10.8 certified
— What’s new in iTunes 11
— iPad was the da bomb
— Microsoft delivers Mac Office 2011, Office 2008 updates
[...] posts: — Mac Security: XProtect Update Obviates Java Exploit [u] — Mac Java Update: JRE SE 7 1.7.0_10 is OS X 10.8 certified — Microsoft delivers Mac Office [...]
[...] posts: — Mac Antivirus: Intego Virus Barrier, Net Barrier Save 30% — Mac Security: XProtect Update Obviates Java Exploit [u] — Mac Java Update: JRE SE 7 1.7.0_10 is OS X 10.8 certified — Microsoft delivers Mac Office [...]
[...] Mac AntiVirus? You Have Choices — Mac Antivirus: Intego Virus Barrier, Net Barrier Save 30% — Mac Security: XProtect Update Obviates Java Exploit [u] — Microsoft delivers Mac Office 2011, Office 2008 [...]
[...] Related posts: — Mac Security: Adobe Patches Zero Day Flash Exploit — Java for Mac OS X 10.6 Update 12, Oracle Patches Available — Best Mac AntiVirus? You Have Choices — Mac Antivirus: Intego Virus Barrier, Net Barrier Save 30% — Mac Security: XProtect Update Obviates Java Exploit [u] [...]
[...] — those running OS X 10.6, 10.7 and 10.8 — Apple’s integrated XProtect security feature obviates this latest Java exploit. A background push update sent to users on Thursday, January 10, prevents a Mac from automatically [...]
[...] easy and manual way to monitor XProtect updates is Adam Christenson’s Safe Download Version, a free utility (image above left) that displays the version and push date of the XProtect [...]
Leave your response!
Recent Posts
Popular Posts
The ROCR on the web
Most Commented
Most Viewed
Powered by WordPress | Entries (RSS) | Comments (RSS) | Privacy Policy