Apple released a Java update on Wednesday 5th September. Java for OS X 2012-005 and Java for Mac OS X 10.6 Update patch the versions of Java for OS X Lion and Mountain Lion, but they only fix the issues found in CVE-2012-0547. This update doesn’t address the CVE-2012-4681 exploit. Anyone remember the Flashback Trojan, which exploited a Java bug?
Last week’s mega update from Oracle, which patched CVE-2012-4681 in the vulnerable Java Runtime Environment (JRE) 1.7, is now claimed to be unstable. So my advice would be to uninstall CVE-2012-4681 right now, until, that is, Oracle and Apple come back with a stable patch.
Simple tips – How to: (using popular browsers)
- Uninstall Java or disable the Java browser plugins on Safari and Firefox
- Disable Java in Chrome – copy and paste chrome://plugins/ into the browser bar > hit ‘Return’ > scroll down to the Java plugin and click ‘Disable’
- Disable Java in Opera – configure plug-ins to only execute on demand by selecting Opera > Settings > Preferences… > Advanced > Enable plug-ins only on demand
- Disable Java in Internet Explorer – Tools > Manage add-ons > scroll down in the right window until you find the two plug-ins: Java(tm) Plug-In 2 SSV Helper and Java(tm) Plug-In SSV Helper > click on one of the above and click ‘Disable’. Both plug-ins should now be disabled. Note: where it says “Show”, click on the drop-down and choose ‘All add-ons’, otherwise you will be unable to see all the add-ons
- Use a second browser (not your primary browser) for, say, banking or financial websites that use Java
Safe surfing folks!
Bootnote: This update configures the Java plug-in to deactivate when no applets are run for an extended period of time. If the prior update named “Java for OS X 2012-004” was not installed, this update will disable the Java web plug-in immediately. Java applets may be re-enabled by clicking the region labeled “Inactive plug-in” on a web page.