w********1 Posts: 3492 | 1 Wed, 13 Jun 2012 11:09:19 PDT
Apple yesterday released a pair of software updates for Java, issuing
versions for both Lion and Snow Leopard. The update in part builds upon an
earlier Java update for Lion that disabled automatic execution of Java
applets in an attempt to minimize the impact of Java-based malware threats
like Flashback.
This update configures web browsers to not automatically run Java applets.
Java applets may be re-enabled by clicking the region labeled "Inactive
plug-in" on a web page. If no applets have been run for an extended period of
time, the Java web plug-in will deactivate.
As noted by Krebs on Security, the release is notable because it came on the
same day that Oracle released updates for Java on other platforms. Apple
has long been criticized for lagging on Java updates, a policy which allowed
the Flashback malware to flourish as Mac systems remained unprotected
against the threat even though Oracle had patched the vulnerability on other
systems several months before.
The update Oracle released yesterday, Java 6 Update 33 and Java 7 Update 5,
fixes at least 14 security flaws in the oft-attacked software that is
installed on more than three billion devices worldwide. Apple’s Java update
brings Java on the Mac to 1.6.0_33, and patches 11 of the 14 security
vulnerabilities that Oracle fixed in Tuesday’s release. It’s unclear
whether those other three flaws simply don’t exist in the Mac version of
Java, but we’ll take progress where we can get it.
With Java SE 7 set to come to the Mac later this year, control over updates
is transitioning from Apple to the OpenJDK project, with both Apple and
Oracle providing expertise to ensure that updates for Mac roll out on a
timely basis. That transition was begun back in late 2010, with Steve Jobs
noting at the time that having Apple responsible for Java updates on the Mac
"may not be the best way to do it."