Apple Pushes Fixes for 11 Java Vulnerabilities in Mac OS X
Modernizing Authentication — What It Takes to Transform Secure Access
Apple has pushed out the fixes for the Java remote code vulnerabilities Oracle patched earlier this month, including a serious flaw that allowed Java applet code to escape from the sandbox and run as if it were a local, trusted program.
Apple pushed out a Mac OS X update patching 11 Java vulnerabilities. Oracle fixed these bugs 20 days ago.
The Java for Mac OS X update fixed various vulnerabilities in Mac OS X, Apple said in its knowledgebase article June 28. The update addresses the long list of Java vulnerabilities Oracle patched for all other systems as Java SE 6 1.6.0_26 on June 8.
The Mac update patched several remotely exploitable vulnerabilities that can be triggered while browsing to launch drive-by attacks. In this particular attack, cyber-criminals can trick browsers and PDF readers into downloading and running malicious code without notifying the user or popping up any warning messages. The most "serious" vulnerability addressed in this update allowed Java applet code to escape from the sandbox and run as if it were a local, trusted program with the privileges of the current user, Apple said.
"That's never supposed to happen, and it's always bad," Paul Ducklin, head of technology at Sophos, wrote on the NakedSecurity blog.