First the bad news: a rather serious zero-day exploit has been discovered in all currently-supported versions of Java. And yes, this sort of exploit can be used to hijack a machine. Now the good news: Apple stopped bundling Java back in 10.6, and this exploit is a proof-of-concept and has been submitted to Oracle, who should be working on a fix as we speak.

If you don’t need Java, we don’t recommend installing it on Lion or Mountain Lion machines. If you do use Java, always be sure to install the latest patches. Oracle is due to issue more patches in mid-October.

Bottom line: this exploit is NOT in the wild, has not been seen active on any machines, but exists as a flaw in Java. Unless someone independently discovers it and decides to actually exploit the flaw, you’ll be fine — and a patch should be coming soon.

New Java zero-day covers all versions, could affect Macs originally appeared on TUAW – The Unofficial Apple Weblog on Thu, 27 Sep 2012 13:00:00 EST. Please see our terms for use of feeds.

Source | Permalink | Email this | Comments

You can follow on Twitter or join our Facebook page to keep yourself updated on all the latest from Apple and the Web.