{"id":5798,"date":"2012-09-06T14:24:47","date_gmt":"2012-09-06T21:24:47","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=5798"},"modified":"2024-05-20T11:59:32","modified_gmt":"2024-05-20T18:59:32","slug":"apple-releases-java-6-update-to-fix-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/","title":{"rendered":"Apple Releases Java 6 Update to Fix Vulnerabilities"},"content":{"rendered":"<p>Apple has released critical Java 6 updates for Mac OS X Snow Leopard, OS X Lion, and OS X Mountain Lion. Described as \u201can opportunity for security-in-depth hardening,\u201d these patches will update Java SE 6 to version 1.6.0_35.<\/p>\n<p>Apple\u2019s release for Snow Leopard, <a href=\"http:\/\/support.apple.com\/kb\/DL1573\" target=\"_blank\" rel=\"noopener\">Java for Mac OS X 10.6 Update 10<\/a>, and for Lion and Mountain Lion, <a href=\"http:\/\/support.apple.com\/kb\/DL1572\" target=\"_blank\" rel=\"noopener\">Java for OS X 2012-005<\/a>, each resolve exploitable vulnerabilities in the Java SE 6 plugin by configuring web browsers to not automatically run Java applets. \u201cThis update configures the Java plug-in to deactivate when no applets are run for an extended period of time,\u201d says a release on Apple\u2019s support site.<\/p>\n<p>This update comes on the heels of last week\u2019s <a href=\"https:\/\/www.intego.com\/mac-security-blog\/osxtsunami-variant-found-dropped-by-java-0-day\/\">Java 0-day exploit<\/a>, CVE-2012-4681, which <a href=\"https:\/\/www.intego.com\/mac-security-blog\/oracle-updates-vulnerable-java-version\/\">Oracle patched for the vulnerable Java version 7<\/a>. Oracle\u2019s out-of-band patch incorporated fixes for vulnerabilities exploited \u201cin the wild\u201d; however, the resolution may have caused a new security issue that also makes other bugs not yet addressed possible to exploit.<\/p>\n<p>Adam Gowdiak wrote about the <a href=\"http:\/\/seclists.org\/bugtraq\/2012\/Aug\/225\" target=\"_blank\" rel=\"noopener\">new security issue affecting Java SE 7 Update 7<\/a> in greater detail on Bugtraq:<\/p>\n<blockquote><p>One of the fixes incorporated in the released update also addressed the exploitation vector with the use of the sun.awt.SunToolkit class. Removing getField and getMethod methods from the implementation of the aforementioned class caused all of our full sandbox bypass Proof of Concept codes not to work any more [\u2026].<br \/>\n[W]e sent a security vulnerability report along with a Proof of Concept code to Oracle. The code successfully demonstrates a complete JVM sandbox bypass in the environment of a latest Java SE software (version 7 Update 7 released on Aug 30, 2012). The reason for it is a new security issue discovered, that made exploitation of some of our not yet addressed bugs possible to exploit again.<\/p><\/blockquote>\n<p>Note that Mac users running Java 6 are not vulnerable to the alleged sandbox bypass issue discovered in Oracle\u2019s emergency Java 7 patch. The Java 0-day exploit only affects OS X users who have Java 7 installed, which we clarified in a tweet last week:<\/p>\n<blockquote class=\"twitter-tweet tw-align-center\"><p>It\u2019s important to note that this <a href=\"https:\/\/twitter.com\/search\/%23Java\">#Java<\/a> 0-day exploit is only a danger to OS X users if you have installed Java 7.<\/p>\n<p>\u2014 Intego Mac Security (@IntegoSecurity) <a href=\"https:\/\/twitter.com\/IntegoSecurity\/status\/241170313197535232\" data-datetime=\"2012-08-30T13:47:38+00:00\">August 30, 2012<\/a><\/p><\/blockquote>\n<p>As always, these updates can be obtained from the Software Update pane in System Preferences or via <a href=\"http:\/\/www.apple.com\/support\/downloads\/\" target=\"_blank\" rel=\"noopener\">Apple\u2019s Software Downloads<\/a> page.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Apple has released critical Java 6 updates for Mac OS X Snow Leopard, OS X Lion, and OS X Mountain Lion. Described as \u201can opportunity for security-in-depth hardening,\u201d these patches will update Java SE 6 to version 1.6.0_35. Apple\u2019s release for Snow Leopard, Java for Mac OS X 10.6 Update 10, and for Lion and [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":8761,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[13],"tags":[75,589],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"Apple has released critical Java 6 updates for Mac OS X Snow Leopard, OS X Lion, and OS X Mountain Lion. Described as \u201can opportunity for\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Apple Releases Java 6 Update to Fix Vulnerabilities - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"Apple has released critical Java 6 updates for Mac OS X Snow Leopard, OS X Lion, and OS X Mountain Lion. Described as \u201can opportunity for\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2012-09-06T21:24:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-20T18:59:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/SecurityUpdate.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Derek Erwin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/SecurityUpdate.jpg\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/SecurityUpdate.jpg\",\"width\":\"400\",\"height\":\"260\",\"caption\":\"Apple security updates\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/\",\"name\":\"Apple Releases Java 6 Update to Fix Vulnerabilities - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/#primaryimage\"},\"datePublished\":\"2012-09-06T21:24:47+00:00\",\"dateModified\":\"2024-05-20T18:59:32+00:00\",\"description\":\"Apple has released critical Java 6 updates for Mac OS X Snow Leopard, OS X Lion, and OS X Mountain Lion. Described as \\u201can opportunity for\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Apple Releases Java 6 Update to Fix Vulnerabilities\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d7586ee278e291223dbae05ec1d95812\"},\"headline\":\"Apple Releases Java 6 Update to Fix Vulnerabilities\",\"datePublished\":\"2012-09-06T21:24:47+00:00\",\"dateModified\":\"2024-05-20T18:59:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/#webpage\"},\"wordCount\":392,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/SecurityUpdate.jpg\",\"keywords\":[\"Java\",\"Proof of Concept (PoC)\"],\"articleSection\":[\"Security &amp; Privacy\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d7586ee278e291223dbae05ec1d95812\",\"name\":\"Derek Erwin\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f88b4bb259f7d5b1d10884ffa4b3c126?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f88b4bb259f7d5b1d10884ffa4b3c126?s=96&d=mm&r=g\",\"caption\":\"Derek Erwin\"},\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/derek-erwin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"Apple has released critical Java 6 updates for Mac OS X Snow Leopard, OS X Lion, and OS X Mountain Lion. Described as \u201can opportunity for","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/","og_locale":"en_US","og_type":"article","og_title":"Apple Releases Java 6 Update to Fix Vulnerabilities - The Mac Security Blog","og_description":"Apple has released critical Java 6 updates for Mac OS X Snow Leopard, OS X Lion, and OS X Mountain Lion. Described as \u201can opportunity for","og_url":"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/","og_site_name":"The Mac Security Blog","article_published_time":"2012-09-06T21:24:47+00:00","article_modified_time":"2024-05-20T18:59:32+00:00","og_image":[{"width":"400","height":"260","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/SecurityUpdate.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Derek Erwin","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/SecurityUpdate.jpg","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/SecurityUpdate.jpg","width":"400","height":"260","caption":"Apple security updates"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/","name":"Apple Releases Java 6 Update to Fix Vulnerabilities - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/#primaryimage"},"datePublished":"2012-09-06T21:24:47+00:00","dateModified":"2024-05-20T18:59:32+00:00","description":"Apple has released critical Java 6 updates for Mac OS X Snow Leopard, OS X Lion, and OS X Mountain Lion. Described as \u201can opportunity for","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"Apple Releases Java 6 Update to Fix Vulnerabilities"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d7586ee278e291223dbae05ec1d95812"},"headline":"Apple Releases Java 6 Update to Fix Vulnerabilities","datePublished":"2012-09-06T21:24:47+00:00","dateModified":"2024-05-20T18:59:32+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/#webpage"},"wordCount":392,"commentCount":0,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/SecurityUpdate.jpg","keywords":["Java","Proof of Concept (PoC)"],"articleSection":["Security &amp; Privacy"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/apple-releases-java-6-update-to-fix-vulnerabilities\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d7586ee278e291223dbae05ec1d95812","name":"Derek Erwin","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/f88b4bb259f7d5b1d10884ffa4b3c126?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f88b4bb259f7d5b1d10884ffa4b3c126?s=96&d=mm&r=g","caption":"Derek Erwin"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/derek-erwin\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/SecurityUpdate.jpg","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-1vw","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/5798"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=5798"}],"version-history":[{"count":63,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/5798\/revisions"}],"predecessor-version":[{"id":100679,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/5798\/revisions\/100679"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/8761"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=5798"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=5798"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=5798"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}