Posted by: David Harley | April 4, 2012

Java Update from Apple

[Update: good article on the topic from Brian Krebs.]

…better late than never?

Updates are now available from Apple for Snow Leopard and Lion that addresses a number of known vulnerabilities in Java:

  • CVE-2011-3563
  • CVE-2011-5035
  • CVE-2012-0497
  • CVE-2012-0498
  • CVE-2012-0499
  • CVE-2012-0500
  • CVE-2012-0501
  • CVE-2012-0502
  • CVE-2012-0503
  • CVE-2012-0505
  • CVE-2012-0506
  • CVE-2012-0507

The update is timely in a sense, in view of the recent tweaking of OSX/Flashback to make use of CVE-2012-0507, as previously noted here. However, as Chester Wisniewski pointed out in a blog article for Sophos, Oracle released update 31 to version 6 of Java way back on February14th, so the delay between Oracle’s release and Apple’s update is a little disquieting.

David Harley CITP FBCS CISSP

About these ads

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

Follow

Get every new post delivered to your Inbox.

Join 37 other followers

%d bloggers like this: