MAKER OF SHINY TOYS Apple has released a security patch to keep Mac OS X users safe from 40 vulnerabilities that were recently found in Oracle's Java platform.
The firm issued the update a few hours after Oracle announced the critical patch, promising to protect its Mac OS X user base from a number of Java vulnerabilities.
Apple warned in its support centre that the most serious vulnerabilities exist in Java 1.6.0_45, which could allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. The firm warned that visiting a webpage containing such an untrusted Java applet could lead to execution of malicious code with the privileges of the current user.
The Java for Mac OS X 2013-004 and Mac OS X v10.6 Update 16 patches are available for download now on Apple's website. They cover OS versions Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7, OS X Lion Server v10.7 and OS X Mountain Lion v10.8.
The Mac OS X patches build on top of Oracle's update, also released on Tuesday but made for other operating systems. Apple confirmed that it relates to 40 vulnerabilities in the Java platform and called for users to update as quickly as possible to protect themselves from opportunistic cyber crooks.
"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 40 new security fixes across Java SE products, of which 4 are applicable to server deployments of Java," Oracle said in its release.
The patch is the latest development in Oracle's ongoing battle to secure Java. Since the year began the enterprise giant has been forced to release a number of security updates, one of which was off cycle, to address a number of Java vulnerabilities. The number of vulnerabilities found and fixed in Java has increased significantly this year compared to the past two years, and it seems that the problem is ever increasing, with Apple having to play catch-up. µ
The top 10 stories from the past seven days
Meet the latest flagship killer from China
Plus, it's goodbye to Device Assist
Vulnerabilities in the iOS sandbox thankfully found by the good guys