Posted by: Chris Barylick
Date: Monday, January 14th, 2013, 08:28
Category: News, security, Software
Following up on the discovery of a Java 7 flaw that prompted Apple to disable the software in OS X, Oracle issued a statement saying it is currently working on a fix and released a patch over the weekend.
Oracle released the statement late Friday following a U.S. Department of Homeland Security recommendation that all Java 7 users disable or uninstall the software until a patch was issued, reports Reuters. Taking action on its own, Apple quietly disabled the plugin through its OS X anti-malware system shortly after hearing of the exploit.
The U.S. Department of Homeland Security said that Java’s most-recent vulnerability is being “attacked in the wild, and is reported to be incorporated into exploit kits.”
For its part, Oracle noted in its statement that the flaw only affects the most up-to-date version of Java 7 and Java software designed to run in Internet browsers.
Java and Apple have had a rocky relationship over the past few years, including a move to drop the Java runtime from OS X 10.7 Lion’s default installation when the OS debuted in 2010. Another flaw in Oracle’s internet plugin was responsible for the most widespread Mac malware ever when the “Flashback” trojan reportedly affected some 600,000 OS X machines in April 2012.
Apple continued efforts to deprecate Java from OS X over the past year, culminating in the company’s final official in-house Java update issued in May 2012. From that point, all responsibility for future updates was handed over to Oracle.
Oracle on Sunday released a fix to a Java 7 flaw discovered on Friday. Users can download the release here.
The update requires an Intel-based Mac running Mac OS X 10.7.3 or later to install and run.
From the release notes:
“The fixes in this Alert include a change to the default Java Security Level setting from “Medium” to “High”. With the “High” setting, the user is always prompted before any unsigned Java applet or Java Web Start application is run.”
If you’ve tried the Java update and have any feedback to offer, please let us know in the comments.