Apple releases Java 2013-002 update for Mac OS X 10.7, 10.8 operating systems, Java for Mac OS X 10.6 Update 14

Date: Tuesday, March 5th, 2013, 07:38
Category: News, security, Software

A security update never truly goes unappreciated.

Following up on recently discovered zero-day Java security holes, Apple releases Java updates for its Mac OS X 10.6, 10.7 and 10.8 operating systems.

The first update, Java for Mac OS X 10.6 Update 14, stands as a 72.8 megabyte download and offers the following fixes and changes:

- Delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_41.

The update requires an Intel-based Mac running Mac OS X 10.6.8 or later to install and run.

The second update, Apple Java 2013-002, stands as a 68.3 megabyte download and offers the following fixes and changes:

- Uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a web page, click on the region labeled “Missing plug-in” to go download the latest version of the Java applet plug-in from Oracle.

- Removes the Java Preferences application, which is no longer required to configure applet settings.

The update requires an Intel-based Mac running Mac OS X 10.7 or later to install and run.

The updates can be located, snagged and installed via the Software Update feature built into the Mac OS X operating system.

If you’ve tried the updates and have any feedback to offer, please let us know in the comments.

Adobe Reader, Acrobat Pro updated to 11.0.02, add security fixes

Date: Wednesday, February 20th, 2013, 12:40
Category: News, Software

You can’t argue with a security update…

On Wednesday, Adobe released version 11.0.02 of its Adobe Reader and Adobe Acrobat Pro applications. The updates, which can also be snagged through the Adobe Update Utility, add the following fixes and changes:

- This full installer provides mitigation for specific security issues. For additional release details, see the Release Notes.

Acrobat Reader 11.0.02 and Acrobat Pro 11.0.02 require an Intel-based processor and Mac OS X 10.6.4 or later to install and run.

If you’ve tried the new versions and noticed any differences, please let us know what you think.

Apple releases Java updates for Mac OS X 10.6, 10.7, 10.8 operating systems

Date: Wednesday, February 20th, 2013, 07:17
Category: News, security, Software

Well, this is a bit awkward.

Following up on a recent, wide-ranging malware attack, Apple releases Java updates for its Mac OS X 10.6, 10.7 and 10.8 operating systems.

The first update, Java for Mac OS X 10.6 Update 13, stands as a 69.32 megabyte download and offers the following fixes and changes:

- Java for OS X 10.6 Update 13 delivers improved security, reliability, and compatibility for Java SE 6.

- Java for OS X 10.6 Update 13 supersedes all previous versions of Java for OS X v10.6.

The update requires an Intel-based Mac running Mac OS X 10.6.8 or later to install and run.

The company also addressed its Mac OS X 10.7 and 10.8 user base, releasing its Apple Java 2013-001 update, a 67 megabyte download that offers the following fixes and changes:

- Java for OS X 2013-001 delivers improved security, reliability, and compatibility for Java SE 6.

- Java for OS X 2013-001 supersedes all previous versions of Java for OS X.

The update requires an Intel-based Mac running Mac OS X 10.7 or later to install and run.

The updates can be located, snagged and installed via the Software Update feature built into the Mac OS X operating system.

If you’ve tried the updates and have any feedback to offer, please let us know in the comments.

Rumor: Apple working on quick fix for lockscreen exploit in iOS 6.1.2

Date: Monday, February 18th, 2013, 08:56
Category: iOS, Rumor, security, Software

When in doubt, work on a fix.

Per German web blog iFun and AppleInsider, Apple is already working on an update to iOS 6 to address a dangerous passcode vulnerability discovered earlier in the week, with one report claiming that the company anticipated issuing the update as early as next week.

The article presently states that iOS 6.1.2 will arrive early next week, and likely before February 20. iFun accurately predicted the launch of iOS 6.1.1, relying on the same sources that tell them 6.1.2 is on the way.

News of the lockscreen exploit hit the Internet last Wednesday. Using the bypass method, one can view and modify an iPhone owner’s contacts, listen to voicemail, and browse through their photos. The exploit does not, though, appear to grant access to email or the web.

Apple on Thursday acknowledged the vulnerability. The company, representatives said to the media, is hard at work on a patch, though they provided no hard details on when users could expect one.

Stay tuned for additional details as they become available.

Apple releases 11th OS X 10.8.3 build to developer community, pins down file bug

Date: Thursday, February 7th, 2013, 08:58
Category: News, security, Software

The betas, they just keep rolling in…

Per The Mac Observer, Apple continued to extensively test the next maintenance update to OS X 10.8 Mountain Lion with the release of the tenth prerelease build of 10.8.3 to developers Wednesday. The build, 12D65, arrives one week after the previous build, 12D61.

The latest build of 10.8.3 lists no known issues and asks developers to focus on AirPlay, Airport, Game Center, Graphics Drivers, and Safari.

Notably, the build fixes a file bug revealed over the weekend that caused nearly every Mountain Lion app to crash by entering a specific set of characters. It was eventually determined that the bug was due to a Cocoa programming error in Mountain Lion’s data detectors. That Apple has now fixed the bug in the latest prerelease of 10.8.3 is a good sign, as it was potentially a serious security vulnerability.

OS X 10.8 Mountain Lion was first released on July 25, 2012. The 10.8.1 update arrived on August 23, 2012 and 10.8.2 on September 19, 2012. Prerelease builds of 10.8.3 have been seeded by Apple since November.

If you’ve gotten your mitts on the latest beta and have any feedback to offer, please let us know in the comments.

Apple releases Java for Mac OS X 10.6 Update 12

Date: Monday, February 4th, 2013, 08:04
Category: News, security, Software

This sort of came out of left field, but if you’re running Mac OS X 10.6, you should probably install it.

Late Friday, Apple released Java for Mac OS X 10.6 Update 12, a Java update for its Mac OS X 10.6 (Snow Leopard) operating system.

The update, a 72.8 megabyte download, offers the following fixes and changes:

- Java for Mac OS X 10.6 Update 12 delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_39.

As always, the update can also be located and installed via the built-in “Software Update” feature in Mac OS X.

The Java for Mac OS X 10.6 Update 11 fix requires an Intel-based Mac running Mac OS X 10.6.8 or later to install.

If you’ve tried the updates and have any feedback to offer, please let us know in the comments.

Apple quietly disables Oracle’s Java 7 Update 11 fix via XProtect anti-malware feature in OS X

Date: Thursday, January 31st, 2013, 08:19
Category: News, security, Software

When it comes to Java, there’s always an argument to be had between Apple and Oracle.

Per MacGeneration, the recently released Java 7 Update 11 has been blocked by Apple through its XProtect anti-malware feature in OS X.

Oracle issued the latest update to Java earlier this month to fix a serious zero-day security flaw. The threat was so serious that the U.S. Department of Homeland Security had recommended that all Java 7 users disable or uninstall the software until a patch was issued.

Apple took action on its own and quietly disabled the plugin through its OS X anti-malware system. As noted by the article, Apple has again updated its OS X XProtect list, this time to block Java 7 Update 11.

Because Oracle has yet to issue a newer version of Java that addresses any outstanding issues, Mac users are prevented from running Java on their system.

Over the last few years, Apple has moved to gradually remove Java from OS X. The company dropped the Java runtime from the default installation for OS X 10.7 Lion when the operating system update launched in 2010. Java vulnerabilities have been a common vector for malicious hackers looking to exploit the OS X platform.

Most notably, the “Flashback” trojan that spread last year was said to have infected as many as 600,000 Macs worldwide at its peak. Apple addressed the issue by releasing a removal tool specifically tailored for the malware, and also disabled the Java runtime in its Safari web browser starting with version 5.1.7.

Opera web browser updated to 12.13.1734

Date: Wednesday, January 30th, 2013, 08:16
Category: News, Software

Late Thursday, Opera Software released version 12.13.1734 of its web browser. The new version, a 20.3 megabyte download via MacUpdate, boasts the following fixes and changes:

General and User Interface:
- Fixed an issue where Opera gets internal communication errors on Facebook.

- Fixed an issue where no webpages load on startup, if Opera is disconnected from the Internet.

- Fixed an issue where images will not load after back navigation, when a site uses the HTML5 history API (deviantart.com).

Linux and Windows:
- A new stand-alone update-checker, as part of a planned upgrade of the auto-update system.

Windows:
- Improved protection against hijacking of the default search, including a one-time reset.

Security:
- Fixed an issue where DOM events manipulation might be used to execute arbitrary code, as reported by Arthur Gerkis; see our advisory.

- Fixed an issue where use of SVG clipPaths could allow execution of arbitrary code, as reported by anonymous via the iSIGHT Partners GVP Program; see our advisory.

- Fixed a low severity security issue; details will be disclosed at a later date.

- Fixed an issue where CORS requests could omit the preflight request, as reported by webpentest; see our advisory.

Opera 12.13.1734 is available for free and requires an Intel-based Mac running Mac OS X 10.5.8 or later to install and run.

Rumor: Apple prepping iOS 6.1 beta, build expected to go Golden Master

Date: Monday, January 14th, 2013, 07:51
Category: iOS, News, Software

Just the term, “golden master”, it pretty much sounds awesome.

Per German web site iFun, Apple is said to be internally testing a new beta of iOS 6.1 that is expected to be the golden master build, suggesting the software is nearly ready to be released to the public.

Citing a “reliable source,” the web site reported Friday that the fifth beta of iOS 6.1 is about to be released to developers. The software is said to have gone through “extensive internal testing,” and if all goes well it will be the golden master of the software.

The software is expected to be released to developers either on Friday or potentially on Monday.

Apple began supplying beta builds of iOS 6.1 to its development community in early November. To date, there have been four betas seeded, the most recent arriving in mid-December.

Changes in iOS 6.1 are mostly minor, with the most significant user-facing additions including the ability to purchase movie tickets through Fandango with Siri, and a new prompt that asks users to enter security questions for iCloud when setting up their device for the first time.

For developers, iOS 6.1 includes an enhanced Map Kit framework that will allow third-party applications to search for map-based addresses based on points of interest. For example, a user could search the term “coffee” and the new framework would return the location of local coffee bars along with information about each one.

iOS 6.1 builds released to date have been compatible with the iPhone 5, iPhone 4S, iPhone 4, and iPhone 3GS; fourth-, third-, and second-generation iPad; iPad mini; and fifth- and fourth-generation iPod touch.

Stay tuned for additional details as they become available.

Google Chrome updated to 24.0.1312.52

Date: Friday, January 11th, 2013, 07:43
Category: News, Software

If you love Google Chrome, it’s your lucky day.

Late Thursday, Google released version 24.0.1312.52 of its Chrome web browser. The update, a 46.8 megabyte download, adds the following fixes and changes:

- [$1000] [162494] High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG.

- [$4000] [165622] High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook.

- [$1000] [165864] High CVE-2012-5147: Use-after-free in DOM handling. Credit to José A. Vázquez.

- [167122] Medium CVE-2012-5148: Missing filename sanitization in hyphenation support. Credit to Google Chrome Security Team (Justin Schuh).

- [166795] High CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google Chrome Security Team (Chris Evans).

- [165601] High CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome Security Team (Inferno).

- [165538] High CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.

- [165430] Medium CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google Chrome Security Team (Inferno).

- [164565] High CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas Rossberg of the Chromium development community.

- [Windows only] [164490] Low CVE-2012-5154: Integer overflow in shared memory allocation. Credit to Google Chrome Security Team (Chris Evans).

- [Mac only] [163208] Medium CVE-2012-5155: Missing Mac sandbox for worker processes. Credit to Google Chrome Security Team (Julien Tinnes).

- [162778] High CVE-2012-5156: Use-after-free in PDF fields. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.

- [162776] [162156] Medium CVE-2012-5157: Out-of-bounds reads in PDF image handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.

- [162153] High CVE-2013-0828: Bad cast in PDF root handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.

- [162114] High CVE-2013-0829: Corruption of database metadata leading to incorrect file access. Credit to Google Chrome Security Team (Jüri Aedla).

- [Windows only] [162066] Low CVE-2013-0830: Missing NUL termination in IPC. Credit to Google Chrome Security Team (Justin Schuh).

- [161836] Low CVE-2013-0831: Possible path traversal from extension process. Credit to Google Chrome Security Team (Tom Sepez).

- [160380] Medium CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome Security Team (Cris Neckar).

- [154485] Medium CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome Security Team (Cris Neckar).

- [154283] Medium CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google Chrome Security Team (Cris Neckar).

- [152921] Low CVE-2013-0835: Browser crash with geolocation. Credit to Arthur Gerkis.

- [150545] High CVE-2013-0836: Crash in v8 garbage collection. Credit to Google Chrome Security Team (Cris Neckar).

- [145363] Medium CVE-2013-0837: Crash in extension tab handling. Credit to Tom Nielsen.

- [Linux only] [143859] Low CVE-2013-0838: Tighten permissions on shared memory segments. Credit to Google Chrome Security Team (Chris Palmer).

Google Chrome 24.0.1312.52 requires an Intel-based Mac with Mac OS X 10.6 or later to install and run. If you’ve tried the new version and have any feedback to offer, please let us know in the comments.