
Java JRE updates/advisories


83 replies to this topic

#31 AplusWebMaster

  • Authentic Member
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 24 March 2011 - 08:16 AM

FYI...

Java - update ugly...
- https://www.computer..._McAfee_scanner
March 24, 2011 - "Windows users who install the latest Java security patches may end up with a little more security than they bargained for, at least that's the risk they take if they don't pay close attention to the installation process a security scanning tool called the McAfee Security Scan Plus with its Java updates for the Windows operating system. The software is installed by default with the Java update, so unless users notice and uncheck the McAfee installation box as they're updating Java, they'll end up downloading McAfee's software too...
Oracle bundles different products with Java in different regions, so not all Windows users may get Security Scan Plus with their Java updates. Once downloaded, the McAfee software prompts the user on a daily basis to accept McAfee's licensing terms to complete the installation. The user can cancel out of this prompt, but there is no option to decline the terms. To remove the software, the user must use the Windows "Uninstall a Program" feature. A number of users have inadvertently installed the software since Oracle started the bundling deal with Intel's McAfee subsidiary last month... Some users are unhappy, including one who posted to an Intel message board after noticing a slowdown on a family member's PC a few weeks ago, apparently after a Java update... Security Scan Plus is a 1MB download. But it uses 4MB of memory when running, a company spokeswoman said via e-mail. There are other ways to end up with it on your system. Some users have complained of downloading it as part of an Adobe reader update, and it can be picked up when downloading via Adobe's Download Center, an Adobe spokeswoman said..."

[ ...aka: "Tag-along-software installs" - Not the only vendors who do this...]
- https://www.ixquick.com/
"... about 1,860 for ' Tag-along software installs '"
- https://encrypted.google.com/
Tag-along software installs
"... About 644,000 results..."


Edited by AplusWebMaster, 24 March 2011 - 09:01 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#32 AplusWebMaster

Posted 22 April 2011 - 11:27 AM

FYI...

Java v1.6.0_25 released
- http://www.oracle.co...oads/index.html
April 22, 2011

Release Notes
- http://www.oracle.co...tes-356444.html
"Highlights: This update release contains important enhancements for Java applications:
Improved performance and stability
Java HotSpot™ VM 20
Support for Internet Explorer 9, Firefox 4 and Chrome 10
Improved BigDecimal ...
Java SE 6u25 does not add any fixes for security vulnerabilities beyond those in Java SE 6u24. Users who have Java SE 6u24 have the latest security fixes and do not need to upgrade to this release to be current on security fixes..."

Bug fixes
- http://www.oracle.co...xes-356453.html
193...

#33 AplusWebMaster

Posted 03 June 2011 - 12:27 PM

FYI...

> http://www.oracle.co...011-313339.html
June 3, 2011 - "This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Java SE Critical Patch Update for June 2011, which will be released on Tuesday, June 7, 2011... This Critical Patch Update contains 17 new security vulnerability fixes..."
___

Java exploits predominate...
- http://www.informati...endly=this-page
June 01, 2011 - "... In 2011, the Java threat doesn't appear to have diminished. According to a study by Kaspersky Labs[1] that looked at malware trends from January through March 2011, Java vulnerabilities comprised a significant portion of the top 10 "most seen" vulnerabilities* on people's PCs..."
* http://blogs.technet...ts-du-jour.aspx
"... 7 of the top 10 threats are files containing exploits for Java vulnerabilities such as CVE-2008-5353, CVE-2010-0094, CVE-2010-0840 and CVE-2009-3867... many of these detections by MSS are the debris or aftermath after the exploit has already executed. By the time a user downloads and runs MSS to detect malware, the machine may have already been infected, if it was vulnerable to the exploit at the time... aside from additional malicious Java code detections... active threats were also reported on machines found to be infected by Exploit:Java/CVE-2008-5353**..."
** http://web.nvd.nist....d=CVE-2008-5353
- http://web.nvd.nist....d=CVE-2009-3867
- http://web.nvd.nist....d=CVE-2010-0094
- http://web.nvd.nist....d=CVE-2010-0840
CVSS v2 Base Score: ... (HIGH)

[1] http://www.securelis...n_for_Q1_2011#9
"... In the first quarter of 2011, the number of blocked attacks stood at 254,932,299 – these attacks were carried out from web resources located in different countries all over the world..."

> http://www.microsoft...spx#section_3_1

Edited by AplusWebMaster, 03 June 2011 - 04:33 PM.


#34 AplusWebMaster

Posted 07 June 2011 - 12:46 PM

FYI...

Java JRE 6 Update 26 released
- http://java.com/en/download/manual.jsp

- http://www.oracle.co...oad-400751.html
June 7, 2011
Windows x86 15.85 MB jre-6u26-windows-i586.exe
Windows x64 16.14 MB jre-6u26-windows-x64.exe

Release Notes
- http://www.oracle.co...tes-401875.html
This release contains fixes for security vulnerabilities. For more information, please see Oracle Java SE Critical Patch Update advisory*.

* http://www.oracle.co...ml#AppendixJAVA
CVSS Base Score 10.0: CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0817, CVE-2011-0862, CVE-2011-0863, CVE-2011-0864, CVE-2011-0871, CVE-2011-0873
Other: CVE-2011-0786, CVE-2011-0788, CVE-2011-0865, CVE-2011-0866, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0872

Download Java for your desktop computer
> http://java.com/en/download/index.jsp
___

- http://www.securityt....com/id/1025610
CVE Reference: CVE-2011-0786, CVE-2011-0788, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0817, CVE-2011-0862, CVE-2011-0863, CVE-2011-0864, CVE-2011-0865, CVE-2011-0866, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0872, CVE-2011-0873
Impact: Denial of service via network, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network...
A remote user can create a Java applet or Java Web Start application that, when loaded by the target user, will access or modify data or execute arbitrary code on the target user's system. A remote user can cause partial denial of service conditions on the target system.
Solution: The vendor has issued a fix...

- http://secunia.com/advisories/44784/
Last Update: 2011-06-10
Criticality level: Highly critical
Impact: Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote...
Solution Status: Vendor Patch...
... versions prior to 1.6.0_26...

Quick test here: http://javatester.org/version.html
___

IBM Java v6.0.0 SR9 FP2 released
- http://secunia.com/advisories/45206/
Release Date: 2011-07-13
Criticality level: Highly critical
Impact: Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote
CVE Reference(s): CVE-2011-0786, CVE-2011-0788, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0817, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0866, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0872, CVE-2011-0873
Solution: Update to version 6.0.0 SR9 FP2.
Original Advisory: http://www.ibm.com/d...ava/jdk/alerts/

Edited by AplusWebMaster, 19 July 2011 - 07:48 AM.


#35 AplusWebMaster

Posted 28 July 2011 - 04:46 PM

FYI...

Java JRE v7 released
- http://www.oracle.co...oad-432155.html
July 28 2011

JDK 7 and JRE 7 Supported System Configurations
- http://www.oracle.co...fig-417990.html

Security Enhancements
- http://download.orac...ancements7.html

Release Notes
- http://www.oracle.co...tes-429209.html

Changes in Java SE 7
- http://www.oracle.co...59.html#changes

Known Issues
- http://www.oracle.co...tml#knownissues
___

- http://h-online.com/-1288208
29 July 2011 - "9494 bug fixes, 1966 enhancements, 9018 updates, 147 builds and four specification requests have gone into developing the latest Java Platform 7 and Oracle has now released JDK 7 as a general availability release. It is the first major release of the Java development environment since Oracle's takeover of Sun Microsystems..."

Edited by AplusWebMaster, 30 July 2011 - 11:05 AM.


#36 AplusWebMaster

Posted 17 August 2011 - 12:33 PM

FYI...

- https://isc.sans.edu...l?storyid=11506
Last Updated: 2011-09-05 13:44:59 UTC ...(Version: 2)
___

Java JRE 6 Update 27 released
- http://www.oracle.co...oad-440425.html
August 17, 2011
Windows x86 ... jre-6u27-windows-i586.exe
Windows x64 ... jre-6u27-windows-x64.exe

Release Notes
- http://www.oracle.co...tes-444147.html

Bug Fixes
- http://www.oracle.co...xes-444150.html

NOTE:
https://www.java.com...d/faq/java7.xml
Java7: "... The new release of Java is first made available to the developers to ensure no major problems are found before we make it available on the java.com website for end users to download the latest version..."

Edited by AplusWebMaster, 05 September 2011 - 10:30 AM.


#37 AplusWebMaster

Posted 14 October 2011 - 05:44 AM

FYI...

Java exploitation remains high ...
- https://blogs.techne...e...&GroupKeys=
13 Oct 2011 - "... Most Frequent Exploits: ... Java exploitation remains high... The top four Java exploits are CVE-2010-0840, CVE-2008-5353, CVE-2010-0094, and CVE-2009-3867..."
- http://web.nvd.nist....d=CVE-2008-5353
- http://web.nvd.nist....d=CVE-2009-3867
- http://web.nvd.nist....d=CVE-2010-0094
- http://web.nvd.nist....d=CVE-2010-0840

Exploit Detections (charted)
> http://www.microsoft...-111012-002.png

#38 AplusWebMaster

Posted 18 October 2011 - 03:15 PM

FYI...

Java 7 Update 1 released
Release Notes / Bug Fixes
- http://www.oracle.co...tes-507962.html
October 18, 2011 - "... version number for this update release is 1.7.0_1-b08 (where "b" means "build"). The external version number is 7u1..."

Downloads
- http://www.oracle.co...oad-513652.html
Windows x86 jre-7u1-windows-i586.exe
Windows x64 jre-7u1-windows-x64.exe
___

Java 6 Update 29 released
Release Notes / Bug Fixes
- http://www.oracle.co...tes-507960.html
October 18, 2011 - "... version number for this update release is 1.6.0_29-b11 (where "b" means "build"). The external version number is 6u29..."

Downloads
- http://www.oracle.co...oad-513650.html
Windows x86 jre-6u29-windows-i586.exe
Windows x64 jre-6u29-windows-x64.exe
___

Oracle Java SE Critical Patch Update Advisory - October 2011
- http://www.oracle.co...ml#AppendixJAVA
"... contains 20 new security fixes for Oracle Java SE. 19 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password...
... Supported Versions Affected: JDK and JRE 7, 6 Update 27 and before..."
___

JRE Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service
- http://www.securityt....com/id/1026215
CVE Reference: CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561
Date: Oct 19 2011
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network.
Version(s): JDK and JRE 7; JDK and JRE 6 Update 27 and prior; JDK and JRE 5.0 Update 31 and prior; SDK and JRE 1.4.2_33 and prior.
... vendor has issued a fix... advisory is available at:
http://www.oracle.co...011-443431.html

- https://secunia.com/advisories/46512/
Release Date: 2011-10-19
Criticality level: Highly critical
Impact: Hijacking, Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Oracle Java JDK/JRE SE 1.7.x / 7.x, JDK/JRE 1.6.x / 6.x, JDK/JRE 1.5.x, JDK/JRE 1.4.x
Description: Multiple vulnerabilities have been reported in Oracle Java SE, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
... see the vendor's advisory for details...
http://www.oracle.co...011-443431.html

Edited by AplusWebMaster, 19 October 2011 - 06:04 AM.


#39 AplusWebMaster

Posted 23 November 2011 - 09:27 PM

FYI...

IBM Java - multiple vulns - update available
- https://secunia.com/advisories/46977/
Release Date: 2011-11-23
Criticality level: Highly critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote
Software: IBM Java 5.x ...
CVE Reference(s): CVE-2011-3545, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3552, CVE-2011-3554, CVE-2011-3556
Solution: Update to version SR13.
Original Advisory: http://www.ibm.com/d...ava/jdk/alerts/

> https://www.ibm.com/...works/java/jdk/
___

- http://web.nvd.nist....d=CVE-2011-3547
CVSS v2 Base Score: 5.0 (MEDIUM)
- http://web.nvd.nist....d=CVE-2011-3552
CVSS v2 Base Score: 2.6 (LOW)
- http://web.nvd.nist....d=CVE-2011-3545
- http://web.nvd.nist....d=CVE-2011-3548
- http://web.nvd.nist....d=CVE-2011-3549
- http://web.nvd.nist....d=CVE-2011-3554
Last revised: 10/30/2011
CVSS v2 Base Score: 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2011-3556
CVSS v2 Base Score: 7.5 (HIGH)

Edited by AplusWebMaster, 23 November 2011 - 09:41 PM.


#40 AplusWebMaster

Posted 12 December 2011 - 02:57 PM

FYI...

Java 6u30 / 7u2 released
- http://www.oracle.co...es-1394870.html
Dec. 12, 2011 - "... a notable bug fix for Java SE 6u30:
Area: JSSE: Runtime Synopsis: REGRESSION - 6u29 -breaks- ssl connectivity using TLS_DH_anon_WITH_AES_128_CBC_SHA . It is strongly encouraged that applications using JSSE (SSL/TLS) be upgraded to this release to have access to the latest changes that address this recent vulnerability: Under certain circumstances, Java SE 6u29* will incorrectly throw an IndexOutOfBoundsException or send an extra SSL/TLS packet..."
* http://bugs.sun.com/...?bug_id=7103725
Related: http://web.nvd.nist....d=CVE-2011-3389
Last revised: 12/13/2011

- http://www.oracle.co...es-1394228.html
Dec. 12, 2011 - "... 7u2 does -not- add any fixes for security vulnerabilities beyond those in Java SE 7u1. Users who have Java SE 7u1 have the latest security fixes and do not need to upgrade to this release to be current on security fixes..."

Bug Fixes... in Java SE 6u30:
- http://www.oracle.co...es-1394936.html
Bug Fixes... in Java SE 7u2:
- http://www.oracle.co...es-1394661.html

Downloads: http://www.oracle.co...oads/index.html

JRE 6u30: http://www.oracle.co...ad-1377142.html

JRE 7u2: http://www.oracle.co...ad-1377135.html
___

- https://krebsonsecur...t-windows-java/
December 13, 2011 - "... specific details of the flaws* fixed in this update..."

* Exploitable bugs fixed in update 30
- https://krebsonsecur...date30notes.txt
http://bugs.sun.com/...?bug_id=6761678
http://bugs.sun.com/...?bug_id=6670868
http://bugs.sun.com/...?bug_id=7041800
http://bugs.sun.com/...?bug_id=6682380
http://bugs.sun.com/...?bug_id=7103725
___

IBM Java updated...
- https://secunia.com/advisories/47464/
Release Date: 2012-01-09
Criticality level: Highly critical
Impact: Hijacking, Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote
Software: IBM Java 1.4.x, IBM Java 6.x ...
Solution: Update to version 1.4.2 SR13-FP11 or 6.0.0 SR10.
Original Advisory: http://www.ibm.com/d...ava/jdk/alerts/
Oracle October 18 2011 CPU
... more information:
- https://secunia.com/advisories/46512/
Last Update: 2011-10-27
Criticality level: Highly critical
Oracle: http://www.oracle.co...011-443431.html
Java SE Critical Patch Update Advisory - October 2011
JDK and JRE 7 Java SE
JDK and JRE 6 Update 27 and earlier
JDK and JRE 5.0 Update 31 and earlier
SDK and JRE 1.4.2_33 and earlier
IBM: http://blog.watchfir..._exhaustion.pdf

IBM Security Bulletins - Quarterly Summaries
- http://www-03.ibm.co.../bulletins.html
"... Starting in 2012, IBM will post a summary of its Security Bulletins from the previous Quarter on the 2nd Tuesday of January, April, July and October. The next four dates are:
January 10, 2012
April 10, 2012
July 10, 2012
October 9, 2012".

IBM Product Security Incident Response Blog
- https://www.ibm.com/blogs/PSIRT

Edited by AplusWebMaster, 24 January 2012 - 06:05 AM.


#41 AplusWebMaster

Posted 15 February 2012 - 05:02 AM

FYI...

Java update advisory - Feb 2012
- http://www.oracle.co...012-366318.html
2012-February-17 Rev 2. Replaced CVE-2011-3571 with CVE-2012-0507
2012-February-14 Rev 1. Initial Release
2012-February-14 - "... Affected product releases and versions:
JDK and JRE 7 Update 2 and earlier, JDK and JRE 6 Update 30 and earlier, JDK and JRE 5.0 Update 33 and earlier, SDK and JRE 1.4.2_35 and earlier, JavaFX 2.0.2 and earlier, JavaFX...
>> http://www.oracle.co...oads/index.html
"... Java SE 7u3 - This release includes security fixes... Java SE 6 Update 31 - This release includes security fixes..."

Java JRE 7u3:
- http://www.oracle.co...ad-1501631.html
Release Notes:
- http://www.oracle.co...es-1481928.html
"... version number for this update release is 1.7.0_03-b04 (b05 in Windows, where "b" means "build"). The external version number is 7u3..."

Java JRE 6u31:
- http://www.oracle.co...ad-1501637.html
Release Notes:
- http://www.oracle.co...es-1482342.html
"... version number for this update release is 1.6.0_31-b04 (b05 in Windows, where "b" means "build")..."
___

- http://www.securityt....com/id/1026687
CVE Reference:
- http://web.nvd.nist....d=CVE-2011-3563 - 6.4
- http://web.nvd.nist....d=CVE-2012-0497 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0498 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0499 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0500 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0501 - 5.0
- http://web.nvd.nist....d=CVE-2012-0502 - 6.4
- http://web.nvd.nist....d=CVE-2012-0503 - 7.5 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0504 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0505 - 7.5 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0506 - 4.3
- http://web.nvd.nist....d=CVE-2012-0508 - 10.0 (HIGH)
Date: Feb 14 2012
Impact: Denial of service via network, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): 1.4.2_35 and prior, 5.0 Update 33 and prior; 6 Update 30 and prior; 7 Update 2 and prior...
The vendor's advisory is available at:
- http://www.oracle.co...012-366318.html

- https://secunia.com/advisories/48009/
Release Date: 2012-02-15
Criticality level: Highly critical
Impact: Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote...
Original Advisory:
- http://www.oracle.co...012-366318.html

Edited by AplusWebMaster, 03 April 2012 - 01:29 PM.


#42 AplusWebMaster

Posted 26 February 2012 - 12:17 PM

FYI...

Java exploit code available for recently patched vuln ...
ZDI-12-039: Oracle Java Web Start java-vm-args Command Argument Injection Remote Code Execution
- http://atlas.arbor.n...dex#-2068343742
Severity: High Severity
Feb 24, 2012 - "Exploit code is available for a recently patched Java vulnerability.
Analysis: Oracle patched a series of Java security issues in February and at least one of these issues now has publicly available exploit code, as published in the Metasploit framework. While Metasploit is intended for authorized penetration testing purposes, attackers have no such scruples and will happily leverage freshly published exploit code to develop their own and incorporate the exploit into their malware kits. Such exploits also pay off for the attackers who launch targeted attacks, as many targets do not patch in a timely manner."
Source: http://www.zerodayin...ies/ZDI-12-039/
___

- https://isc.sans.edu...l?storyid=12838
Last Updated: 2012-03-25 17:04:16 UTC - "... In slight modification of Oracle's own words: 'We highly recommend users remove all older versions of Java from your system. Keeping old and unsupported versions of Java on your system presents a serious security risk...' ..."

Edited by AplusWebMaster, 01 April 2012 - 10:22 AM.


#43 AplusWebMaster

Posted 01 April 2012 - 11:21 AM

FYI...

Critical Java hole being exploited on a large scale ...
- http://atlas.arbor.n...dex#-1937641784
Severity: High Severity
Published: Wednesday, March 28, 2012 19:20
Java security vulnerability patched in February is now being used widely by criminals to install malware.
Analysis: Patch! Watch for outdated Java on the network as the presence of old Java User-Agents is often a sign that a system has been exploited and Java is now doing the attackers' bidding, typically downloading something evil.
Source: http://h-online.com/-1485681
Update 29-03-12: "... Until an update is released that addresses the vulnerability, Mac OS X users can turn off Java. Users can disable Java via Java Preferences (Applications > Utilities > Java Preferences) by unchecking the installed version. Alternatively, users can disable Java in each of their browsers; in Apple's Safari browser, this can be done by unchecking the "Enable Java" and "Enable JavaScript" under the Security tab in Safari's Preferences..."
* http://www.h-online....iew=zoom;zoom=2
___

- http://atlas.arbor.n...index#-51701177
Elevated Severity
March 30, 2012
Source: http://blog.eset.com...507-and-carberp

Mac Flashback Exploiting Unpatched Java Vulnerability
- https://www.f-secure...s/00002341.html
April 2, 2012

Edited by AplusWebMaster, 03 April 2012 - 05:16 AM.
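Added example, not part of the post above and not any vendor's tooling: a sketch of the "watch for old Java User-Agents" check from the Arbor analysis, using the affected-version ceilings from the February 2012 Oracle advisory quoted earlier in this thread and the internal-to-external version mapping from the release notes (1.6.0_29 is 6u29). The proxy log layout, the sample lines and all function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Highest update level still listed as affected in the February 2012 Oracle
# advisory quoted in this thread ("7 Update 2 and earlier, 6 Update 30 and
# earlier, 5.0 Update 33 and earlier, 1.4.2_35 and earlier").
HIGHEST_AFFECTED = {
    (1, 7, 0): 2,
    (1, 6, 0): 30,
    (1, 5, 0): 33,
    (1, 4, 2): 35,
}

# Java's built-in HTTP client and browser plug-in identify themselves with a
# "Java/<java.version>" token, e.g. "Java/1.6.0_26" or "Java/1.7.0".
JAVA_TOKEN = re.compile(r"\bJava/(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")

# ASSUMPTION: a simplified proxy log layout invented for this example:
#   <timestamp> <client-ip> <method> <url> "<user-agent>"
LOG_LINE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')


def parse_java_version(user_agent):
    """Return ((major, minor, micro), update) or None if no Java token."""
    m = JAVA_TOKEN.search(user_agent)
    if m is None:
        return None
    family = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    update = int(m.group(4)) if m.group(4) else 0  # GA builds have no "_NN"
    return family, update


def external_name(family, update):
    """Map internal numbering to the external form, e.g. 1.6.0_29 -> 6u29."""
    major, minor, micro = family
    if major == 1 and minor >= 5 and micro == 0:
        return f"{minor}u{update}" if update else str(minor)
    base = f"{major}.{minor}.{micro}"
    return f"{base}_{update:02d}" if update else base


def classify(family, update):
    """'outdated', 'patched' (as of that advisory) or 'unlisted' family."""
    if family not in HIGHEST_AFFECTED:
        return "unlisted"
    return "outdated" if update <= HIGHEST_AFFECTED[family] else "patched"


def find_outdated_java_clients(lines):
    """Return {client_ip: sorted list of outdated Java versions seen}."""
    seen = defaultdict(set)
    for raw in lines:
        m = LOG_LINE.match(raw.strip())
        if m is None:
            continue  # malformed line: skip rather than guess
        client, user_agent = m.group(2), m.group(5)
        parsed = parse_java_version(user_agent)
        if parsed is None:
            continue  # ordinary browser traffic, no Java token
        family, update = parsed
        if classify(family, update) == "outdated":
            seen[client].add(external_name(family, update))
    return {client: sorted(versions) for client, versions in seen.items()}


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '2012-03-29T10:02:11Z 10.0.0.23 GET http://example.test/a.jar "Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_26"',
    '2012-03-29T10:02:12Z 10.0.0.23 GET http://example.test/b.bin "Java/1.6.0_26"',
    '2012-03-29T10:05:40Z 10.0.0.41 GET http://example.test/app.jnlp "Java/1.6.0_31"',
    '2012-03-29T10:07:03Z 10.0.0.57 GET http://example.test/c.jar "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_02"',
    '2012-03-29T10:09:55Z 10.0.0.60 GET http://example.test/ "Mozilla/5.0 (Windows NT 6.1) Firefox/11.0"',
    '2012-03-29T10:11:20Z 10.0.0.77 GET http://example.test/d.jar "Java/1.7.0"',
    'truncated line without a user agent',
]

if __name__ == "__main__":
    hits = find_outdated_java_clients(SAMPLE_LOG)
    for client, versions in sorted(hits.items()):
        print(client, ", ".join(versions))
```

Families absent from the advisory's list are reported as "unlisted" rather than guessed at, so they can be reviewed separately.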


#44 AplusWebMaster


Posted 20 April 2012 - 03:44 PM

FYI...

- http://www.oracle.co...rts-086861.html
"... For Oracle Java SE Critical Patch Updates, the next three dates are:
12 June 2012
16 October 2012
19 February 2013 ..."
___

IBM Java 5 update released
- https://secunia.com/advisories/48915/
Release Date: 2012-04-20
Criticality level: Highly critical
Impact: Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote
CVE Reference(s): CVE-2011-3389, CVE-2011-3557, CVE-2011-3560, CVE-2011-3563, CVE-2012-0498, CVE-2012-0499, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507
Solution: Update to version 5.0 SR13-FP1.
Original Advisory: http://www.ibm.com/d...ava/jdk/alerts/

IBM Java 6 update released
- https://secunia.com/advisories/48913/
Criticality level: Highly critical
Impact: Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote
CVE Reference(s): CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507
Solution: Update to version 6 SR10-FP1.
Original Advisory: http://www.ibm.com/d...ava/jdk/alerts/

Edited by AplusWebMaster, 23 April 2012 - 08:15 AM.


#45 AplusWebMaster

Posted 26 April 2012 - 12:58 PM

FYI...

Java v.6u32/v.7u4 released
> http://www.oracle.co...oads/index.html
___

Java SE Runtime Environment 7u4 - Download
- http://www.oracle.co...ad-1591157.html
April 26, 2012

Release notes
- http://www.oracle.co...es-1575007.html
"... Bug Fixes: Java SE 7u4 does -not- add any fixes for security vulnerabilities beyond those in Java SE 7u3..."

Bug Fixes - Java SE 7u4
- http://www.oracle.co...es-1579555.html

- http://h-online.com/-1562140
27 April 2012 - "The new Java Standard Edition 7 Update 4 is the first Oracle-sponsored Java release that has been made available for Mac OS X (Lion)... Java SE 7 Update 4 can be downloaded for Macs, as well as Windows and Linux..."
- http://www.oracle.co...ds-1591156.html
___

Java SE Runtime Environment 6 Update 32 - Download
- http://www.oracle.co...ds-1594646.html
April 26, 2012

Release notes
- http://www.oracle.co...es-1578471.html

Bug Fixes - Java SE 6u32
- http://www.oracle.co...es-1579554.html

Java 6 End of Life (EOL) Notice
- http://www.oracle.co...eol-135779.html
After November 2012, Oracle will no longer post updates of Java SE 6 to its public download sites...
___

Oracle to bring Java security fixes directly to Mac user ...
- http://atlas.arbor.n...dex#-1272909644
Severity: Elevated Severity
Published: Monday, April 30, 2012 16:24
Oracle is now providing a direct version of Java to OSX users.
Analysis: This is a positive development that will hopefully reduce OSX malware. The lag in patch time between Oracle and Apple has been a thorn in the side of security for some time and the pain of the recent Flashback trojan, the SabPub trojan, and now another OSX malware using the same Java security hole has been significant enough that users should migrate towards Oracle Java as soon as possible. Cyber criminals are aware that OSX is a viable platform for malware, and will have their eyes open for other gaps in coverage.
Source: http://arstechnica.c...jdk-support.ars

Edited by AplusWebMaster, 01 May 2012 - 12:07 PM.