Java patched again, Snow Leopard users blocked from older version (Updated) Update: Apple's Java team has quickly responded to the patch with a revised JVM for Snow Leopard, OS X 10.6. The Java for Mac OS 10.6 Update version 12 (APPLE-SA-2013-02-01-1) is available in Software Update, according to an Apple security email. It updates Java to 1.6.0_39.
Another week, another Java exploit: Computerworld notes that Oracle has once again updated the Java VM for all platforms to fend off a prospective exploit. The update is technically the scheduled February critical updates release, but the delivery was pushed up.
Unfortunately, while Mac users on OS X 10.7 Lion and 10.8 Mountain Lion can upgrade their JVMs using Oracle's installer for Java 7, Snow Leopard (10.6.
machines are out of luck. Oracle's Java 7 installer won't run, and as of yesterday Apple's supplied Java 6 is blocked by Apple's own XProtect malware shield -- it won't do applets in Safari or Firefox until it's patched.
There are some hacky workarounds for either disabling/modifying the XProtect manifest (not recommended) or getting Java 7 to install on 10.6.8 (also not recommended) -- but if you need to run Java in the browser on 10.6.8, there aren't many better options.
Speaking of recommendations, TJ's Reasonable Guide to Java security is a good resource for managing your risks with Oracle's runtime
Thanks, Charles!Java patched again, Snow Leopard users blocked from older version (Updated) originally appeared on TUAW - The Unofficial Apple Weblog on Fri, 01 Feb 2013 20:30:00 EST. Please see our terms for use of feeds.Source | Permalink | Email this | Comments
http://www.tuaw.com/2013/02/01/java-updated-again-snow-leopard-users-cannot-run-browser-applet/
