Apple has responded positively to Java-related security fears on Mac OS X. The company released an update that is said to fix the flaws that might put users in danger. The update, which was rolled out to the masses yesterday, was for Java for OS X Lion 2012-001 and Java for Mac OS X 10.6. According to Apple's advisory, “Multiple vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted (sic) Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted, untrusted (sic) may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_31.”
F-Secure has told users that it strongly recommends updating the Java client or disabling it when it is not in use. The Finnish firm also said that users who do not use Java at all might as well remove it, to make sure they do not fall victim to cyber criminals, who seem to have noticed the value of hitting Apple machines. Although attacks on Mac OS X are still much less common than attacks on Windows, there are cases such as one last week, in which security researchers uncovered a never-before-seen Trojan targeting Mac users. Known as MacControl, it is said to be able to exploit a remote code execution vulnerability related to the way Microsoft Office Word handled a specially crafted file that includes a malformed record.