4 Replies Latest reply: Mar 15, 2013 10:43 AM by ds store
WZZZ Level 6 Level 6 (12,220 points)

Removes a vulnerability whereby an attacker could force enable a malicious applet to run even if you have Java disabled in the browser. If you don't want to run the update immediately, then disable Java both in the browser AND in JavaPreferences.app, to be found in Utilities folder.

 

Uncheck all three checkboxes.

 

Screen shot 2013-03-15 at 10.20.29 AM.png

  • 1. Re: IMPORTANT FYI Security Update 2013-001
    Yeehat Level 1 Level 1 (40 points)

    Actually, according to http://support.apple.com/kb/HT5672 the mentioned vulnerability is removed only for 10.7 and 10.8, both client and server versions. See CoreTypes. Maybe 10.6.8 is not affected.

  • 2. Re: IMPORTANT FYI Security Update 2013-001
    WZZZ Level 6 Level 6 (12,220 points)

    Impact: Visiting a maliciously crafted website could allow a Java Web Start application to be launched automatically even if the Java plug-in is disabled

    http://support.apple.com/kb/HT5672

     

    About the security content of OS X Mountain Lion v10.8.3 and Security Update 2013-001

  • 3. Re: IMPORTANT FYI Security Update 2013-001
    WZZZ Level 6 Level 6 (12,220 points)

    I stand corrected. This does not apply to 10.6.

     

    CoreTypes

     

    Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2

     

    Impact: Visiting a maliciously crafted website could allow a Java Web Start application to be launched automatically even if the Java plug-in is disabled

     

    Description: Java Web Start applications would run even if the Java plug-in was disabled. This issue was addressed by removing JNLP files from the CoreTypes safe file type list, so the Web Start application will not be run unless the user opens it in the Downloads directory.

    And this is only for standalone Java Web Start applications.

  • 4. Re: IMPORTANT FYI Security Update 2013-001
    ds store Level 7 Level 7 (30,305 points)

    Welcome to the "paranoid club" where we know they are out to get us!