Got a tip for us? Share it...

Apple Releases Update to Java for OS X to Version 1.6.0_31

Apple has released an update to Java for OS X, updating Java SE 6 to version 1.6.0_31. The update, called Java for OS X Lion 2012-001, "delivers improved reliability, security, and compatibility for Java SE 6".

Apple hasn't updated its security page with details of the fixes in the update, but it may fix the vulnerability detailed across the web in recent days.

Apple released the same update for Snow Leopard, as well. The downloads can be acquired from Apple's support downloads page, or via Software Update.

Top Rated Comments

(View all)

31 months ago
What is this "Java" thing?
Rating: 9 Votes
31 months ago

Good News ! Makes me feel safer on viewing a lot of web pages!:D


Are you getting confused with Javascript?

Java ( applets) isn't used frequently on websites these days.
Rating: 8 Votes
31 months ago
Just downloaded and installed the update without issue. I wish Apple was a bit more proactive with the security patches, as it seems that Mac users are left vulnerable longer than our Windows brethren.
Rating: 6 Votes
31 months ago

Java is a programming language, it was pretty big at one point,


Was? It still --IS-- the most popular programming language on the planet, with Android and the ENTIRE enterprise market as its main strongholds.

Also, it is more than just a programming language or a simple framework. It is a full operating system-independent software platform.

But yes, C# and .NET are nice. And thanks to the people behind Mono, very interoperable with Java.
Rating: 5 Votes
31 months ago

If you use Xcode and upload apps to the App Store, don't install this Java update yet as it will break uploading to the Mac App Store (possibly iOS also). It breaks both Xcode App Store uploading and Application Loader uploading.


Care to mention the source for this information?
Rating: 4 Votes
31 months ago


When going to Utilities, I do see "Java Preferences," but when I click it, it says I need Java runtime, and asks me to install. I have been able to go to websites without any problems, so is this something that I need to install?

Thanks for all the help


Yeah, I believe the UI wrapper for configuring the runtime is always present, but if you don’t have it, you don’t get the install prompt.

...and if you don’t have the JRE installed, you won’t get a system update for Java.




What is java used for



Java is a programming language, it was pretty big at one point, one of the big advantages was that it compiled to an intermediate code that’s interpreted, so it allowed for “write once, run everywhere”, particularly as a client application.

It’s also used in backend services, and in fact, we did quite a bit of Java using J2EE (it’s an enterprise framework that provides DB/messaging/etc.), also did some client apps (wrote a CMS back in the late 90’s, I think it’s still in the Sun or Oracle catalog archives).

It was easy to distribute Java apps through a web interface, so you got centralized app management combined with a rich client environment.

Android apps can also be written in Java which let’s them be run on different CPU architectures and such. Since they’re run through a runtime interpreter (that’s the JRE that’s mentioned in the OSX configuration app, Java Runtime Engine), they’re [generally] not as fast as native code.

There’s still some client apps written in it like VPN/remote access apps, and things like the Oracle DB dev tool. It’s kind of few and far between for client apps, but still in reasonably decent use for the web (any sites you see running *.jsp are Java based backends).

Syntactically C# borrows quite a bit from Java (one reason I went from Java to C#).
Rating: 4 Votes
31 months ago
Apple announced they wouldn't be porting any new versions of Java, but this is just a fix to the current version of Apple's Java (SE6), which is still being supported.

The next version of Java (SE7) will still be coming to the Mac, it just won't have Apple branding.
Rating: 4 Votes
31 months ago
Wasn't supposed that java would be updated from the manufacturer (aka Oracle) just like in every other OS, for OS X Lion and forth ? Why is Mac version still maintained by apple unlike everyone else ?
Rating: 3 Votes
31 months ago

Apple hasn't updated its security page with details of the fixes in the update, but it may fix the vulnerability detailed across the web (http://nakedsecurity.sophos.com/2012/04/03/mac-malware-java/) in recent days.


It does fix this.

The security details have just been released via the apple-security-announce mailing list:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and
Java for Mac OS X 10.6 Update 7

Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now
available and addresses the following:

Java
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.3, OS X Lion Server v10.7.3
Impact: Multiple vulnerabilities in Java 1.6.0_29
Description: Multiple vulnerabilities exist in Java 1.6.0_29, the
most serious of which may allow an untrusted Java applet to execute
arbitrary code outside the Java sandbox. Visiting a web page
containing a maliciously crafted untrusted Java applet may lead to
arbitrary code execution with the privileges of the current user.
These issues are addressed by updating to Java version 1.6.0_31.
Further information is available via the Java website at http://www.o
racle.com/technetwork/java/javase/releasenotes-136954.html
CVE-ID
CVE-2011-3563
CVE-2011-5035
CVE-2012-0497
CVE-2012-0498
CVE-2012-0499
CVE-2012-0500
CVE-2012-0501
CVE-2012-0502
CVE-2012-0503
CVE-2012-0505
CVE-2012-0506
CVE-2012-0507


Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7
may be obtained from the Software Update pane in System Preferences,
or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.6 systems
The download file is named: JavaForMacOSX10.6.dmg
Its SHA-1 digest is: f76807153bc0ca253e4a466a2a8c0abf1e180667

For OS X Lion systems
The download file is named: JavaForOSX.dmg
Its SHA-1 digest is: 176ac1f8e79b4245301e84b616de5105ccd13e16

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQEcBAEBAgAGBQJPezVqAAoJEGnF2JsdZQee7gIIALa7b5hVTKL7kOXF7EYT6wjx
VnAmxoQbjEwpBkdzPzqqhCQ303/iBdLdHr2O/yxdaX0tFuB+5+4iInPU2t6O+PNh
7iJ3rhQszzIj5q/qGDXyzIQEjurNfvrEKAxQ3T7uj1At+n/9YVBaw8p6i+HopbRc
Fo6Jrxy0Qf/MyeGO4lqxht2Aq8omh+pEBNP68EglqrJp/CjZTYGaFAHVGvnm8/gA
wjcpIRQBacXcBCJ3K8pZhuQvXhm+GVLWYgc2KGsZ/l7jbQX5Bi67b7CFf7lBHlyd
V7ss6N/0T/O3nspdhg+jhnvcaia1Ow3GikC/707NNkM8Dm3lm0DFVMBBgpNvPcU=
=Pf96
-----END PGP SIGNATURE-----
Rating: 2 Votes
31 months ago



[What is java used for]

Java is a programming language [...] intermediate code [...] “write once, run everywhere”, particularly as a client application. [...] backend services [...], using J2EE (it’s an enterprise framework that provides DB/messaging/etc.) [...] CMS back in the late 90’s [...]VPN/remote access apps [...] running *.jsp are Java based backends) [...] Syntactically C# borrows quite a bit from Java


Sorry, but I'm afraid you're talking to a complete iNoob here who barely knows how to open Safari on OS X ;) So your (albeit very informative and correct) words just went down the drain :D

Cheers
Rating: 2 Votes

[ Read All Comments ]