Java patched again, Snow Leopard users blocked from older version (Updated)
Update: Apple's Java team has quickly responded to the patch with a revised JVM for Snow Leopard, OS X 10.6. The Java for Mac OS 10.6 Update version 12 (APPLE-SA-2013-02-01-1) is available in Software Update, according to an Apple security email. It updates Java to 1.6.0_39.
Another week, another Java exploit: Computerworld notes that Oracle has once again updated the Java VM for all platforms to fend off a prospective exploit. The update is technically the scheduled February critical updates release, but the delivery was pushed up.
Unfortunately, while Mac users on OS X 10.7 Lion and 10.8 Mountain Lion can upgrade their JVMs using Oracle's installer for Java 7, Snow Leopard (10.6.8) machines are out of luck. Oracle's Java 7 installer won't run, and as of yesterday Apple's supplied Java 6 is blocked by Apple's own XProtect malware shield -- it won't do applets in Safari or Firefox until it's patched.
There are some hacky workarounds for either disabling/modifying the XProtect manifest (not recommended) or getting Java 7 to install on 10.6.8 (also not recommended) -- but if you need to run Java in the browser on 10.6.8, there aren't many better options.
Speaking of recommendations, TJ's Reasonable Guide to Java security is a good resource for managing your risks with Oracle's runtime
Software Updatesmore updates
- Apple Remote Desktop updated with Yosemite support
- OS X Yosemite 10.10.2, iOS 8.1.3 updates now available
- Sports Illustrated 120 SPORTS channel comes to Apple TV
- Logic Pro X update brings AirDrop support, new effects, tools, and more
- Parallels Access 2.5 released, adds file manager, computer-to-computer remote access
- The Google Translate iOS app is about to get a lot smarter