Another OS X Java Patch

Only a couple of days after releasing the critically late Java patch (2012-001), Apple released another Java update. At this point, Apple's site doesn't mention what this new patch fixes or why it was released, but eventually you may see details at http://support.apple.com/kb/HT1222 . Too bad that Apple isn't getting its security house in order. It appears that OS X has reached a level of market penetration that requires a company with a meaningful security response capability behind it.

Just a couple of additional pointers for OS X security:

- Sophos is making a free Antivirus product for OS X. I have been running it for a few months now without bad side effects. http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx

- You can try enabling "Gatekeeper" on OS X Lion. This feature will prevent unsigned software from running. It will be fully integrated once the next version of OS X (Mountain Lion, OS X 10.8) arrives, but it has already been included in OS X 10.7.3. To activate it, run: sudo spctl --enable . Expect it to complain about a lot of "normal" software, as most OS X software right now is not yet signed (but you can always allow such software to run anyway).

Otherwise: Keep good backups... 
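Before turning Gatekeeper on, it helps to know which installed applications it is going to complain about. The script below is an added example, not part of the diary: it reads the Gatekeeper state from spctl(8) and walks /Applications (or a directory given as the first argument), using codesign(1)'s exit status to report which bundles carry a valid signature and which do not. It assumes a Mac with OS X 10.7.3 or later, where both tools are present; the parsing helper is separated out so the classification logic can be exercised on constructed spctl output.

```shell
#!/bin/sh
# Added example (not from the ISC diary): inventory unsigned applications
# before running "sudo spctl --enable", so the list of things Gatekeeper
# will block is known up front. Assumes macOS with spctl(8) and codesign(1).

# Classify the text printed by `spctl --status`.
# Prints "on", "off" or "unknown".
gatekeeper_state() {
    case "$1" in
        *"assessments enabled"*)  echo on ;;
        *"assessments disabled"*) echo off ;;
        *)                        echo unknown ;;
    esac
}

# Classify one application bundle by codesign's exit status: 0 means a
# valid signature, anything else means unsigned or tampered with.
classify_app() {
    app="$1"
    if codesign --verify "$app" >/dev/null 2>&1; then
        echo "signed   $app"
    else
        echo "UNSIGNED $app"
    fi
}

# Walk a directory of .app bundles (default /Applications) and report.
# The UNSIGNED entries are the ones Gatekeeper will refuse to launch
# until they are allowed individually.
inventory_apps() {
    dir="${1:-/Applications}"
    for app in "$dir"/*.app; do
        [ -d "$app" ] || continue
        classify_app "$app"
    done
}

# Only do real work where the macOS tools exist; elsewhere the helpers
# above can still be called directly.
if command -v spctl >/dev/null 2>&1 && command -v codesign >/dev/null 2>&1; then
    echo "Gatekeeper: $(gatekeeper_state "$(spctl --status 2>&1)")"
    inventory_apps "$@"
fi
```

Run it once with Gatekeeper still off, allow or replace the unsigned applications you actually need, then enable assessments; rerunning it afterwards is a quick way to confirm that nothing new has appeared unsigned.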

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
The Mac OS X SME in our organization got this from Apple:

Java Update 2012-002 is intended to supplant Java Update 2012-001; it is the same Java version and is not a cumulative update. An issue was found with the Lion release of 2012-001 shortly after the update was originally posted, and it was replaced with a new build.

A new version and receipt are required to ensure that any clients that had previously installed 2012-001 would be able to install 2012-002.

To further clarify: 2012-002 is intended to replace 2012-001. Clients that have previously installed 2012-001 will be offered 2012-002 via Software Update. Clients that have not installed either update will only be offered 2012-002. As the issue only affected Lion clients, a new build was not required for Snow Leopard, and those machines will only be offered 2012-001. If you're using an internal software update solution and you have not yet provided 2012-001 to your clients, you will only need to supply them with 2012-002.

Product Engineering has indicated that they are working to revise the release notes to reflect the new version.
Anonymous