Posted by: David Harley | April 4, 2012

Java Update from Apple

[Update: good article on the topic from Brian Krebs.]

…better late than never?

Updates are now available from Apple for Snow Leopard and Lion that addresses a number of known vulnerabilities in Java:

  • CVE-2011-3563
  • CVE-2011-5035
  • CVE-2012-0497
  • CVE-2012-0498
  • CVE-2012-0499
  • CVE-2012-0500
  • CVE-2012-0501
  • CVE-2012-0502
  • CVE-2012-0503
  • CVE-2012-0505
  • CVE-2012-0506
  • CVE-2012-0507

The update is timely in a sense, in view of the recent tweaking of OSX/Flashback to make use of CVE-2012-0507, as previously noted here. However, as Chester Wisniewski pointed out in a blog article for Sophos, Oracle released update 31 to version 6 of Java way back on February14th, so the delay between Oracle’s release and Apple’s update is a little disquieting.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: