Oracle Releases Patch to Address Security Vulnerability in Java 7
Earlier this week, we reported on a newly-disclosed vulnerability in Java SE 7 that could pose a risk for users on a wide variety of platforms, including OS X. While the real-world threat to Mac users stemming from the vulnerability is very low given that a Mac-specific exploit for the vulnerability has not been seen and only a small fraction of Mac users have manually installed Java SE 7, the incident has served as another reminder the Mac users can be vulnerable malicious attacks.
Although Oracle was reportedly warned of the issue months ago and apparently did not take significant action to protect users until it became public, the company has now moved quickly to address the problem with today's announcement regarding the release of Java SE 7 Update 7. The release addresses the specific vulnerability disclosed earlier this week as well as several others, and the company has also released Java SE 6 Update 35 to address a separate issue with the earlier version.
If successfully exploited, these vulnerabilities can provide a malicious attacker the ability to plant discretionary binaries onto the compromised system, e.g. the vulnerabilities can be exploited to install malware, including Trojans, onto the targeted system. Note that this malware may in some instances be detected by current antivirus signatures upon its installation.
The updated versions of Java are available though Oracle's Java download page.
Popular Stories
Apple has announced it will be holding a special event on Tuesday, May 7 at 7 a.m. Pacific Time (10 a.m. Eastern Time), with a live stream to be available on Apple.com and on YouTube as usual. The event invitation has a tagline of "Let Loose" and shows an artistic render of an Apple Pencil, suggesting that iPads will be a focus of the event. Subscribe to the MacRumors YouTube channel for more ...
Apple has stopped production of FineWoven accessories, according to the Apple leaker and prototype collector known as "Kosutami." In a post on X (formerly Twitter), Kosutami explained that Apple has stopped production of FineWoven accessories due to its poor durability. The company may move to another non-leather material for its premium accessories in the future. Kosutami has revealed...
Apple has dropped the number of Vision Pro units that it plans to ship in 2024, going from an expected 700 to 800k units to just 400k to 450k units, according to Apple analyst Ming-Chi Kuo. Orders have been scaled back before the Vision Pro has launched in markets outside of the United States, which Kuo says is a sign that demand in the U.S. has "fallen sharply beyond expectations." As a...
The upcoming iOS 17.5 update for the iPhone includes only a few new user-facing features, but hidden code changes reveal some additional possibilities. Below, we have recapped everything new in the iOS 17.5 and iPadOS 17.5 beta so far. Web Distribution Starting with the second beta of iOS 17.5, eligible developers are able to distribute their iOS apps to iPhone users located in the EU...
Apple is finally planning a Calculator app for the iPad, over 14 years after launching the device, according to a source familiar with the matter. iPadOS 18 will include a built-in Calculator app for all iPad models that are compatible with the software update, which is expected to be unveiled during the opening keynote of Apple's annual developers conference WWDC on June 10. The lack of ...
The lead developer of the multi-emulator app Provenance has told iMore that his team is working towards releasing the app on the App Store, but he did not provide a timeframe. Provenance is a frontend for many existing emulators, and it would allow iPhone and Apple TV users to emulate games released for a wide variety of classic game consoles, including the original PlayStation, SEGA Genesis,...
Top Rated Comments
You haven't been paying attention. Apple is not releasing any Java updates ever again. They all go through Oracle now.
Which is ironic, because Java has built-in protection against buffer overflows whereas C, C++, and Objective-C (Cocoa) are all vulnerable. While clunky (though it's gotten better) and ugly, Java was always a pretty safe environment.
Sounds just like Flash...