V3.co.uk

Apple rushes Java patch as Oracle fixes 40 critical vulnerabilities

Java security saga continues as fresh exploits unearthed

  • Alastair Stevenson
  • @MonkeyGuru
  • 19 June 2013

Apple has released a security update to protect Mac OS X users from 40 freshly discovered vulnerabilities in Oracle's Java platform.

The iPhone maker released the update hours after Oracle announced the critical patch, promising it will protect Mac OS X users from a host of vulnerabilities in the Java platform.

Apple said: "Multiple vulnerabilities existed in Java 1.6.0_45, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.

"Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues were addressed by updating to Java version 1.6.0_51."

The Java for OS X 2013-004 and Mac OS X v10.6 Update 16 patches are available for download now on Apple's website and relate to its Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7, OS X Lion Server v10.7 and OS X Mountain Lion v10.8 operating systems.

The Apple patch comes alongside a separate one from Oracle, made for other operating systems. The firm confirmed it relates to 40 new vulnerabilities in the platform and called for users to update as quickly as possible to protect themselves from opportunistic cyber crooks.

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 40 new security fixes across Java SE products, of which 4 are applicable to server deployments of Java," Oracle said in its release.

The patch is the latest development in Oracle's ongoing battle to secure the Java platform. Since the year began the enterprise giant has been forced to release a number of security updates – one of which was off cycle – to address a number of vulnerabilities in the platform.

The vulnerabilities have led numerous security professionals to criticise Oracle for its lax security. Most recently, WhiteHat Security chief technology officer and co-founder Jeremiah Grossman criticised Oracle, saying it is still too slow with its security update cycle.

"Java is definitely a cesspool of vulnerabilities waiting to be discovered, some of which will be patched and exploited. The thing to closely monitor is how fast end users are actually patching, not just how many vulnerabilities are being addressed when the patch is made available. The Java ecosystem is notoriously slow, which is why I recommend uninstalling Java unless you really need it, then you don't have to worry about the endless slew of patches," he said.

Rik Ferguson, global vice president of security research at Trend Micro, added: "The vast majority of the vulnerabilities fixed are critical and could result in 'remote exploitation without authentication', which basically means that a machine can be attacked over a network, resulting in successful exploit.

"The best thing to do is simply to remove Java from your machine entirely, which has been the advice for some time now. The next best option is to stop using Java in the browser, specifically in the browser that you use regularly. If Java is absolutely indispensable for internal application use then it would be most effective to limit its use to a secondary browser, one that does not have the ability to access the internet – through proxy configuration for example."


© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013
