Apple Addresses Java Security Issues For Safari & OS X

Apple recently released security updates for Mac OS X to address various security vulnerabilities associated with Flash and Java. According to an Apple update report, the security update is designed to stop malicious applications that purport to be harmless code or apps and that could bypass the security measures implemented in Java 7 and Flash Player.

Adobe Flash Player Updates Released

To address the security holes in older versions of Flash Player, Apple has blocked the older versions and enforced a minimum version requirement for newer Flash Player releases through its XProtect anti-malware system. This aims to block malicious Java programs from getting into Mac devices. Ars Technica reported that Adobe addressed the issue with a new update for its product. Flash Player update 11.5.502.149 can be downloaded manually by Flash Player users. It is also available as an automatic update for users who opted in to automatic updates of the product.

Attacks in the wild have been reported using malicious Flash content on various Mac and Windows computers, targeting the Flash Player running in Safari or Firefox. In some instances, users are tricked into opening a Microsoft Word document that contains the malicious Flash content. Apple released a new document that guides Mac users on how to safely download the latest Flash Player update, which removes the threat of the Flash Player plug-in vulnerability.

Java 7 Plugin Security Threat Blocked by Apple

Once vulnerabilities in Java 7 were discovered, Apple was quick to address the issue by blocking the Java 7 plugin extension on Macs. Apple’s XProtect.plist blacklist was immediately updated to require the latest Java 7 version, 1.7.0_10-b19, on Mac computers. The older version of Java 7 that is publicly available is 1.7.0_10-b18, and if you are using this version, Apple’s anti-malware security system will continue to block the program on your Mac. ZDNet noted that the US Department of Homeland Security also recommends disabling the entire patch of the Java 7 browser available from Oracle. Using the older Java 7 plugin poses the risks of identity theft and of botnets running through your computer networks that are capable of carrying out denial of service attacks.
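The minimum-version rule described above comes down to a numeric comparison of Java build strings. The sketch below is an added example, not Apple's code or file format: the policy layout, the key name MinimumVersion and the plugin identifier example.java.plugin are hypothetical, and only the version strings come from the article.

```python
import plistlib
import re

# Constructed sample policy. Key names and layout are hypothetical and do not
# reproduce Apple's real XProtect file; only the version string is from the article.
SAMPLE_POLICY = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>example.java.plugin</key>
  <dict>
    <key>MinimumVersion</key>
    <string>1.7.0_10-b19</string>
  </dict>
</dict>
</plist>"""

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?(?:-b(\d+))?")


def parse_java_version(text):
    """Return (major, minor, patch, update, build), or None if malformed."""
    m = _VERSION_RE.fullmatch(text.strip())
    if m is None:
        return None
    # A missing update or build field counts as 0, so "1.7.0" < "1.7.0_10-b18".
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_blocked(plugin_id, installed_version, policy_bytes=SAMPLE_POLICY):
    """True when the installed plugin is below the policy's minimum version."""
    policy = plistlib.loads(policy_bytes)
    entry = policy.get(plugin_id)
    if entry is None:
        return False  # no rule for this plugin in the policy
    minimum = parse_java_version(entry["MinimumVersion"])
    if minimum is None:
        raise ValueError("policy carries an unparseable minimum version")
    installed = parse_java_version(installed_version)
    if installed is None:
        return True  # fail closed: an unreadable version is treated as too old
    # Tuple comparison is numeric, so update 9 < update 10 and b18 < b19;
    # a plain string comparison would get "_9" versus "_10" wrong.
    return installed < minimum


if __name__ == "__main__":
    for v in ("1.7.0_10-b18", "1.7.0_10-b19", "1.7.0_9-b30", "garbage"):
        print(v, "blocked" if is_blocked("example.java.plugin", v) else "allowed")
```
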

Apple used to run its own Java service in OS X, but later moved towards using Oracle in order to keep up with the latest Java updates on its devices. The risk from malicious Java software is high among users who manually downloaded the public Java 7 program onto their devices. An unconfirmed report has it that Java 6 is vulnerable as well. The multiple vulnerabilities in Oracle Java 7 were revealed by the National Vulnerability Database, which states that attackers execute arbitrary code that bypasses the security check.

Security loopholes covered by Apple security updates

Apple was quick to make the necessary updates, which led to the release of OS X Mountain Lion v10.8.4 and Safari 6.0.5. The updates include improved handling of cookies that could allow attackers to access the user’s session log, even when private browsing is used; prevention of arbitrary code execution from maliciously crafted sites; a stronger authentication process; and improved bounds checking. It’s important to make sure you have these updates.

As a web developer and writer, I enjoy answering your questions on Apple, Android and Google, so feel free to ask.

~ Stacy

