Featured White Papers

• Measuring Risk to Improve Java Software Quality
• Do You Really Get Classloaders?
• Pragmatic Continuous Delivery with Jenkins, Nexus, and LiveRebel
• Your Next Java Web App: Less XML, No Long Restarts, Fewer Hassles
• Coding with JRebel, Java Forever Changed
• 2012 Developer Productivity Report: Java Tools, Tech, Devs, and Data

Sponsored Links

• Graph databases are 1000x faster than relational.

  Learn More!

• Career opportunities at Harman- Careers That'll Rock Your Socks Off.

  Learn More!

• Developer-friendly Java PDF libraries by Qoppa Software

  Live Demos

• Stop blaming your app! Diagnose Java performance issues.

  Free tool >

• UrbanCode: Go From Continuous Integration to
  Continuous Delivery

  Learn More!

Sponsored Links

Optimize with a SATA RAID Storage Solution
Range of capacities as low as $1250 per TB. Ideal if you currently rely on servers/disks/JBODs

Apple keeps patching Java on OS X Snow Leopard after proposed drop-dead date

Apple adds site-by-site Java management tool for all Safari browser users

By Gregg Keizer, Computerworld, 04/17/13

Page 2 of 2

Apple has published a support document outlining how the new site-by-site Java permission manager operates.

The new Safari tool may come in handy: Hackers have turned up the heat on Oracle in the past year, exploiting a succession of Java vulnerabilities, including several so-called "zero-day" bugs, or unpatched -- and in some cases even unknown -- flaws.

A year ago, for instance, cybercriminals infected more than 600,000 Macs in the widespread "Flashback" malware campaign by exploiting a Java vulnerability that Oracle had fixed, but Apple had not. It was easily the biggest-ever security event on OS X, and a major embarrassment for Apple, which, in response, changed its Java patch cadence to match Oracle's.

OS X Lion and Mountain Lion users running Java 7 will also see new messages that appear in their browser of choice when attempting to launch a Java applet. Those messages, which were called confusing by U.K.-based security vendor Sophos, display small icons or badges that represent various risks.

The next scheduled Java security update is set for release by Oracle on June 18. Unless Apple changes its mind on Snow Leopard, it will also issue patches the same day for that version of OS X as well as for Lion and Mountain Lion.

Safari now lets users define the websites allowed to run Oracle's bug-plagued Java software in the browser's Preferences console. (Image: Apple.)

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about MacOS X in Computerworld's Mac OS X Topic Center.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.