Another week, another Java exploit: Computerworld notes that Oracle has once again updated the Java VM for all platforms to fend off a prospective exploit. The update is technically the scheduled February critical updates release, but the delivery was pushed up.

Unfortunately, while Mac users on OS X 10.7 Lion and 10.8 Mountain Lion can upgrade their JVMs using Oracle’s installer for Java 7, Snow Leopard (10.6.8) machines are out of luck. Oracle’s Java 7 installer won’t run, and as of yesterday Apple’s supplied Java 6 is blocked by Apple’s own XProtect malware shield — it won’t do applets in Safari or Firefox until it’s patched.

There are some hacky workarounds for either disabling/modifying the XProtect manifest (not recommended) or getting Java 7 to install on 10.6.8 (also not recommended) — but if you need to run Java in the browser on 10.6.8, there aren’t many better options.

Speaking of recommendations, TJ’s Reasonable Guide to Java security is a good resource for managing your risks with Oracle’s runtime.

Java updated again, Snow Leopard users cannot run browser applets originally appeared on TUAW – The Unofficial Apple Weblog on Fri, 01 Feb 2013 20:30:00 EST. Please see our terms for use of feeds.

Source | Permalink | Email this | Comments