
Breaking News on today's Java hacking and Apple's fix—anyone know how to get the fix?

CNBC Business channel just had a Breaking News report on a fix Apple has provided to check your computer and find out whether there has been any malicious activity through Java. But my Software Update doesn't have anything and I can't find anything about it on the Apple Support site. Has anybody gotten the fix? How do you access it? Thanks!

iMac (24-inch Early 2008), Mac OS X (10.5.8), 2.8 GHz Intel Core 2 Duo

Posted on Feb 19, 2013 10:44 AM

25 replies

Feb 19, 2013 11:34 AM in response to Klaus1

They're calling what Apple has devised a "malware removal tool." The reporting says that it only affects people who went to, I think they called it, "a developer site," but they're not saying what site. I visited the Java developer site because a new project with my work apparently required I install Java.


Thanks for the reply, Klaus, I take it you're just speaking from past experience and have no specific knowledge about this particular issue?


If anybody does have specific knowledge about this particular issue, please let us know. Thanks!

Feb 19, 2013 3:02 PM in response to Jordan T

While we await a formal announcement from Apple, and that may not be forthcoming as they often simply issue a security update via Software Update, we mere mortals can only go by news reports like the one you saw, and this one:


http://www.bbc.co.uk/news/technology-21510791


Java has long been, and remains, a security risk, and for most users it is wise to switch it off (not to be confused with the unrelated JavaScript, which can be left on), as previous experience has shown:




Apple barred Java from running on Macs, leaving companies that rely on Java plug-ins out in the cold.

Apple blocked Java 7 Update 11 by adding it to the banned list in XProtect.

This was the second time in two weeks that Apple has blocked Oracle's code from running on Macs. This time Java is blocked through Apple's XProtect anti-malware feature.

Java has come under fire as the means by which hackers have been able to gain control of computers. In April 2012 more than 600,000 Macs were reported to have been infected with a Flashback Trojan horse that was being installed on people's computers with the help of Java exploits. Then in August Macs were again at risk due to a flaw in Java. This time around, there was good news for Mac users: Thanks to changes Apple has made, most of us were safe from the threat.


Unwilling to leave its customers open to potential threats Apple decided it's safer to block Java entirely.

Macs running OS X Snow Leopard and beyond are affected.


UPDATE for those running Lion or Mountain Lion:

Oracle on Friday February 1 released a new version reportedly addressing vulnerabilities seen with the last build.

Apple disabled Java 7 through the OS X XProtect anti-malware system, requiring users to have at least version "1.7.0_10-b19" installed on their Macs. The release dated February 1 carries the designation "1.7.0_13-b20," meeting Apple's requirements.


Oracle "strongly recommends" applying the CPU fixes as soon as possible, saying that the latest Critical Patch Update contains 50 new security fixes across all Java SE products.


Update for Snow Leopard users:


Apple have issued update 12 for Java for OS 10.6:


http://support.apple.com/kb/DL1573


Note: On systems that have not already installed Java for Mac OS X 10.6 update 9 or later, this update will configure web browsers to not automatically run Java applets. Java applets may be re-enabled by clicking the region labeled "Inactive plug-in" on a web page. If no applets have been run for an extended period of time, the Java web plug-in will deactivate.


None of the above refers to the current 'security scare'.

Feb 19, 2013 9:47 PM in response to Jordan T

Jordan T wrote:


CNBC Business channel just had a Breaking News report on a fix Apple has provided to check your computer and find out whether there has been any malicious activity through Java. But my Software Update doesn't have anything and I can't find anything about it on the Apple Support site.

If you are actually still running OS X 10.5.8 as indicated in your profile, there is no fix for you and I feel confident there never will be.


You must upgrade your OS to at least 10.6.8 (preferably further if you are able) before you will be able to get your "Java fix."

Feb 20, 2013 4:52 AM in response to Jordan T

my Software Update doesn't have anything and I can't find anything about it on the Apple Support site. Has anybody gotten the fix? How do you access it?


As MadMacs0 has already pointed out, if you're running 10.5.8, there is no fix. Your machine has a vulnerable version of Java, and will continue to until you get a newer system. If you turn off Java in your web browser, that should make you safe from these Java exploits, but you would be better off to upgrade to a newer system.


If your profile is outdated and you are running 10.7 or 10.8, then you may not have Java installed at all, in which case the update will not show up.


Note that the "malware removal tool" is not really a standalone tool that you can run manually. The tool is a part of the update, and you'll never even know the tool was there unless you are infected when the update is installed... in which case, you will see an alert saying that the malware was removed.
