Reprinted from TidBITS by permission; reuse governed by Creative Commons
license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary
on Apple and Internet topics. For free email subscriptions and access to the
entire TidBITS archive, visit http://www.tidbits.com/


   Java for OS X 2013-002 and Java for Mac OS X 10.6 Update 14

   Agen G. N. Schmitz

   Less than two weeks after its last Java updates, Apple has released
   [1]Java for OS X 2013-002 for OS X 10.8 Mountain Lion and 10.7 Lion and
   [2]Java for Mac OS X 10.6 Update 14 for 10.6 Snow Leopard. Apple's
   [3]security page notes that these updates address two critical
   vulnerabilities (CVE-2013-0809 and CVE-2013-1493), the latter of which
   has been actively exploited to, according to [4]Oracle, 'maliciously
   install the McRat executable onto unsuspecting users' machines.' Once
   installed, the McRat trojan can then download further malware onto the
   affected computer. Both updates bring Java SE 6 up to version 1.6.0_43.
   The updates are available via the App Store app or Software Update and
   direct download, and Apple reminds you to quit any Web browsers and
   Java applications before installing either one.

   If you don't rely on Java for any critical apps, it might be time to
   remove Java entirely from your system. Rich Mogull recommends doing
   this, and describes how to extricate it from your Mac in the latest
   issue of [5]Macworld. If you need Java to run an app (such as the
   CrashPlan backup utility), Rich also notes how you can keep java
   isolated by disabling it in the Safari, Chrome, and Firerox browsers.
   (Free, 63.8 MB and 69.3 MB)

References

   1. http://support.apple.com/kb/DL1572
   2. http://support.apple.com/kb/DL1573
   3. http://support.apple.com/kb/HT5677
   4. https://blogs.oracle.com/security/entry/security_alert_cve_2013_1493
   5. http://www.macworld.com/article/2028900/how-to-disable-java-on-your-mac.html

.