Follow The Safe Mac on Twitter to stay advised of the latest Mac security news!
Oracle releases Java 7 update 13
Posted on February 1st, 2013 at 3:27 PM EDT
Oracle has just released Java 7 update 13, which is undoubtedly welcome news to Mac users who have been prevented from using Java, or any users who refused to use Java in its vulnerable state. One would assume that it fixes the vulnerabilities that have been in the news for the last few weeks. Unfortunately, at the moment, assuming is all we can do, as the Oracle Java SE Critical Patch Update Advisory contains no actual information. Hopefully, that information should be available soon.
7 Comments
This post is more than 90 days old and has been locked. No further comments are allowed.
The advisory was updated with a list of the 50 CVE’s patched late yesterday.
At about the same time, Apple promoted Java 6 Update 12 to Software Update for Snow Leopard users. Nothing yet on Java 6 for Lion/Mountain Lion and it just now got fixed to be able to download it from http://support.apple.com/kb/DL1573.
Still nothing for Lion/Mountain Lion Java 6 users.
You have to wonder… why does anyone care? I mean, Java’s become so dangerous by now… Why would anyone want to use it at this point?
That’s what I thought, as well, until I started reading many many complaints on the Apple Support Forum over the past couple of days from those who still rely on Java to make a living. Teachers, Healthcare workers, Bankers, etc. I read that the government of Denmark has contacted Apple in behalf of their entire banking industry concerning both the sudden, unannounced shut-down and the Lion/Mountain Lion users who still can’t use Java 6.
I hope developers get the message soon.
Seriously? I wonder how much the people behind Java are paying the government of Denmark to complain to Apple
I guess I fall into that rare Java user category…in order to use my standalone broker app, I need Java. So, I have it installed. But, I disable Java in Safari, to avoid the vulnerability…maybe I’m being naive, but that’s safe, right?
I actually wrote to my broker and told them they should use another coding language alternative to Java because of all the problems. I never heard back from them.
—
On another subject: Thomas, do you have any experience with, or opinions on TCPBlock, Little Snitch, or Hands Off! ?
They are used to control inbound AND outbound TCP/IP traffic from your computer. It’s the OUTBOUND that makes the difference.
I’m thinking about using TCPBlock…trying to get some good intel.
Here’s the link to TCPBlock: http://tcpblock.wordpress.com
The app developer seems supportive and responsive. Most of the comments on the blog about the app seem very positive. So far it looks like a very good and useful app. I just wanted to get your opinion…
I have experience with Little Snitch, not the others. The problem I have with all the outbound firewall apps is that they attempt to block connection attempts made by apps already on the machine. That’s an inherently flawed approach. If something malicious has gotten installed somehow and has managed to get root permissions, it wouldn’t be difficult to simply disable that software. And that has actually been done, on one occasion. Of course, such apps can provide some protection. Plus, a couple variants of Flashback also self-terminated the installation process, leaving the machine uninfected, if Little Snitch was installed. So it’s a bit of a mixed bag.
If you don’t mind running such software, and it doesn’t cause any problems for you, then it’s an added layer of security, which is always a good thing. Just keep in mind that it is not an impenetrable layer!
Has anybody been able to use Java Applets on Mountain Lion with Java Update 13. Firefox crashes when I try to open a page with an applet and Safari says “Plug-In Error”.