Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...

Jahrelang hat Apple Java für sein Mac OS selbst bereit gestellt und im Grunde versucht es loszuwerden.

Doch jetzt hat man sich mit Oracle geeinigt, dass der Java-Hersteller diese Aufgabe übernehmen soll. Mac-Benutzer sollen in Bezug auf Java also Windows- und Linux-Nutzern gleichgestellt und somit früher als bislang mit Sicherheits-Updates versorgt werden.

Read more...

Apple has shipped a Java update for Mac operating systems with 12 security fixes, including one that plugs a hole exploited by a recent variant of the Flashback malware.

                                ===> UPDATE!!! <===

Unfortunately, Mac users haven't received a patch for that particular vulnerability since Apple hasn't yet ported it to Java for Macs. In addition to all that, there are rumors that an exploit for another unpatched Java flaw is being offered for sale on online forums.

===> The researchers advise Mac users to disable their Java client for the time being in order to avoid infection. <===

A new Flashback variant (Mac malware) has been spotted exploiting CVE-2012-0507 (a Java vulnerability). We've been anticipating something like this for a while now.

Oracle released an update that patched this vulnerability back in February… for Windows.

===> But — Apple hasn't released the update for OS X (yet). <===

Apple may have appeared to have pulled off a coup in persuading Oracle to maintain Java for Mac but can Oracle be trusted to get it right?

The emergence of the Flashback Trojan - which exploited a vulnerability in Mac OS X's version of Java - earlier this year led to a lot of flak for both Oracle and Apple. The vulnerability was known about and fixed in the Windows and Linux versions of Java, but remained exposed in OS X for several more weeks.

===> The fact that Apple is ultimately responsible for maintaining Java on OS X saw Apple's ability to protect its users questioned. <===

Read more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

Une révision Java pour OS X Lion est disponible [1.0/2012-001 - 64 Mo Mo - OS X 10.7] ainsi que pour Snow Leopard [1.0 - Update 7 - 76 Mo - OS X 10.6]. Elle apporte des correctifs de sécurité et d'autres participant à sa stabilité.

===> Cette mise à jour comble tout particulièrement une importante faille exploitée par un malware qui pouvait être récupéré depuis un site web et capable ensuite d'exécuter avec les droits d'administrateur un applet Java contenant un code nuisible... <===

Enterprise users of Java for the Mac OS X should ensure their machines are updated with the latest security patch from Apple, released Tuesday.

The update, for both Lion (10.7.3) and Snow Leopard (10.6.8) versions of the platform, closes a dozen holes in Java 1.6.0_29, "the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox," according to Apple.

That presumably refers to CVE-2012-0507, which researchers at F-Secure said Monday was being used to spread the latest variant of the password-stealing Flashback trojan.

===> Computers can be infected simply by users visiting a malicious web page, a scenario known as a drive-by download. <===

                                      ===> UPDATE!!! <===

A new variant of the Flashback Trojan that appeared last year can install itself on a Mac without need for an administrator's password.

If a Mac OS X user visits a web page, and their Java is not up to date, the malware infection will occur without their intervention.

===> UPDATE asap! <===