May 20, 2010

Apple has pushed out an update that fixes at least 30 security vulnerabilities in its version of Java for Mac OS X systems.

The patch appears to fix a flaw in Java that Oracle shipped more than a month ago that attackers were using to install malicious software on Microsoft Windows systems.

Updates are available for Mac OS X v10.5.8 and Mac OS X v10.6.3 or later, via Apple Downloads or Software Update. The new release brings Java on the Mac to the current version, Java 6 Update 20.

13 thoughts on “Apple Ships Java Security Update

  1. Phoenix

    You’ll need Java if you want to know the official US time. The website requires it, otherwise I’ve never found much use for it.

    1. Rick

      Is the official US time – barring zone diffs – different from any other time? They have their own time in the US too? 😉

      1. Pete

        You really should be using NTP synchronized clocks. Even windows xp has had the feature for many years.

  2. amacs

    In Mexico are taking commercial where they say that these machines do not have vulnerabilities

    1. JCitizen

      Dear amacs;

      Good to see your comments here on Brian’s site. We get the same commercials here. They are misleading, but fortunately Mac malware is quite rare.(for now)

        1. Rick

          There have been attacks, both in the lab and in the wild – Inq.Tana, Oompa Loompa, Opener, the trojans put in Apple downloads hosted elsewhere than Apple – but they haven’t exactly been widespread. Apple and Unix have a long way to go if they want to compete with Microsoft in that category.

  3. JCitizen

    My web based personal weather station won’t work without java; so it is critical to me, as I live in an agricultural area and have farm income.

    Plus I rely on it for tornado warnings; it has saved my life once. I call that critical for sure.

  4. burke

    “The new release brings Java on the Mac to the current version, Java 6 Update 20.”

    On my MacOS 10.5.8 boxes, the update installs 1.5.0_24.

    Oracle stinks, by the way.

    I wonder how long it will take them to start charging for Java updates the way they did with Solaris (no more free access to security updates).

    1. george

      Java Installer/Up-grader already aggravates me since it bundles with Google Toolbar, Bing, Yahoo! Toolbar and others, trying to get a distracted user not to bother un-checking the (always by default enabled) box.
      From here to remove completely the choice of not installing unwanted-ware is just a step, and some companies already made it. (Adobe is actively making harder and harder to install their reader without Adobe DLM (and Adobe AIR).

  5. Evelyn Sears

    That is how 9/11 happened, believing it wouldn’t or couldn’t happen when it already had, certainly not as large and tragic, but why wait for the worst if you can prevent it.

Comments are closed.