This article was published on March 4, 2013

Following Oracle patch, Apple releases update to fix new Java ‘zero-day’ vulnerability


Earlier today, Oracle released a Java update to address two separate vulnerabilities. Now, Apple has released a patch for OS X 10.7 and later which fixes those issues and disables older versions of the plug-in.

The update brings Java SE 6 to 1.6.0_43 and disables plugins on machines that don’t have the latest version of Java. One of the flaws discovered by researchers and revealed last week was classified as a ‘zero day’ or unknown vulnerability that was already being exploited in the wild, so you should update your machine ASAP.


But it isn’t all clear yet. Even as Oracle shipped its patch earlier today, it was also informed of five new flaws in Java, and it has said it is already investigating.

At this point, the safest thing you could do is to disable Java entirely on your system unless it’s absolutely necessary. Apple has consistently recommended that people remove the Java plugin or disable it if not in use, and the US Department of Homeland Security recently recommended that people do the same. This update also follows on from a patch that fixed a vulnerability used to hack into Apple employees’ systems.

The patch is available via Software Update on your Mac.
