Java update for OS X patches Flashback malware exploit

Following the recent Flashback malware developments for OS X where unpatched vulnerabilities in the latest Java runtime for OS X were being exploited, Apple has issued an update that brings Java up-to-date and patches these vulnerabilities.

The patch is available via Software Update for systems that have Java installed, but can also be downloaded from the following Apple support Web pages. The update is available only for OS X 10.6 and 10.7, since Apple has stopped supporting prior versions of OS X.

• Java for Mac OS X 10.6 Update 7
• Java for OS X Lion 2012-001

These updates specifically patch the CVE-2012-0507 vulnerability that was being used by the Flashback malware to exploit Mac systems, but in addition it has patched a number of other vulnerabilities in version 29 of the Java 1.6.0 VM. This latest update should bring the installed version of Java 1.6.0 to version 31.

If you have Java installed, you can check the version in the Java Preferences utility in your /Applications/Utilities/ folder, or you can launch the Terminal and run the command "java -version" to see an output of the current active version on your system.

This update is highly recommended for people with Java installed on their systems, as it patches an exploit that is actively being pursued by malware developers, so be sure to back up your systems and install this update as soon as possible to close off this avenue for attack.

While Apple has been criticized for lagging behind in its support of Java updates, this update has been released in less than a week since the initial reports of the latest Flashback malware variant.

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.