New Java zero-day covers all versions, could affect Macs
First the bad news: a rather serious zero-day exploit has been discovered in all currently-supported versions of Java. And yes, this sort of exploit can be used to hijack a machine. Now the good news: Apple stopped bundling Java back in 10.6, and this exploit is a proof-of-concept and has been submitted to Oracle, who should be working on a fix as we speak.
If you don't need Java, we don't recommend installing it on Lion or Mountain Lion machines. If you do use Java, always be sure to install the latest patches. Oracle is due to issue more patches in mid-October.
Bottom line: this exploit is NOT in the wild, has not been seen active on any machines, but exists as a flaw in Java. Unless someone independently discovers it and decides to actually exploit the flaw, you'll be fine -- and a patch should be coming soon.
Keep an eye out for patches.
Subscribe to Newsletter
Software Updatesmore updates
- Daylite 5 adds refinements to the business management app
- 1Password 4.5 for iOS gains features, slims down
- IFTTT for iPad brings service/device mashups to your favorite tablet
- Daily App: Rormix brings indie music videos to your iPhone and iPad
- Pebble updates its iOS app with new apps, sharing options and v2.1 fix
- PSA: Pebble for iOS v.2.1 update contains critical flaw that breaks the app - Update