Apple has just pushed an update to all OS X 10.7 and 10.8 users. The patch fixes two separate Java vulnerabilities, one being a ‘zero-day’ vulnerability. This update comes after Oracle released Java 7 Update 17 this morning that killed these two security holes. Mac users can update their Macs to Java SE 6 version 1.6.0_43 right now via the App Store. Not only does this update close holes within Java, but the update also disables Java plugins on machines that aren’t running the latest Java release.
We’d highly recommend updating your Mac right now. One of the holes is an ‘unknown’ vulnerability that is already being exploited around the net. Oracle said it originally heard about the bug on February 1st and that the bug was found “too late to be included in the February 19th release of the Critical Patch Update for Java SE”.
What’s worse is the fact that since Oracle released the latest set of Java fixes, five more vulnerabilities have already been found as of this morning. Even though Java is working on investigating these new vulnerabilities, we’d highly recommend disabling Java completely on your Mac unless you absolutely need to use it.
Another day, another Java vulnerability. Get your stuff together, Oracle. Better yet, just remove Java.
Image Credit: naan