Apple has released a new patch for Java. The patch will be available to users of OS X 2012-005, Mac OS X 10.6, and OS X Lion and Mountain Lion is known that this patch closes the vulnerability CVE-2012-0547. However, as the experts, it does not close vulnerability CVE-2012-4681, which recently most often used by malicious hackers.
Oracle has released a patch for CVE-2012-4681 last week. However, the specialists of Security Explorations, who first discovered the vulnerability, warning that the patch itself contains a vulnerability. At this point, they refuse to disclose any details. However, most experts, as before, are urging Internet users to disable Java in the browser at least, used as the core, as most sites do not require the inclusion of Java to work properly. For sites that require the inclusion of Java, experts recommend the use of alternative browsers.
A bright example of the risk of vulnerabilities in Java for users of Mac, could be the fact that the experts of the company “Doctor Web”, a Russian developer of IT security, managed to find about 600,000 Macs infected by the Trojan BackDoor.Flashback.39 and integrated into a botnet (a network of infected computers ). For breaking data workstations just used Java vulnerability (CVE-2012-0507). Apple has released a patch that vulnerability in Java only in April this year, a few months later than Oracle.