| Giveaway: Bracketron Case | If outdoor adventures are in your future this summer, enter to win a Bracketron Sport Case with Mount Strap from MacNN and keep that iPhone, iPod or other electronic device safe from the elements. |
Yesterday in the MacNN forums, "cgc" was trying to figure out why they were having problems with certain websites after updating Safari and Java. Also yesterday, Professional Poster "badidea" was having a problem with the cursor remaining on screen while the iTunes visualizer is playing.
Apple on Tuesday updated both Java and its web browser Safari for users of OS X 10.6.8 (Snow Leopard) and higher. The updates now allow users to enable the Java web plug-in on a site-by-site basis, as opposed to the "active" or "inactive" options it had previously. Following a spate of serious issues, Apple forcibly disabled the Java plug-in because of malicious, in-use threats -- though users could reactivate Java once they updated.
Due to multiple and in-use vulnerabilities that are actively affecting user systems, Apple has taken the step of blocking the web plug-ins for all older versions of Java 6 and 7. Browsers on Snow Leopard, Lion and Mountain Lion that don't include their own built-in versions of the Java plug-in must be updated to the current version, which is update 17 for Java SE 7 and update 43 for Java SE 6. Java is not installed on modern Macs by default, and disabled automatically if not used for 31 days or more even if installed. The move does not affect local installations of Java, only the web plug-in.
Oracle has released a new version of Java 7, Update 17. The patch is being released early, Oracle says, to cope with a security hole that is being "actively exploited by attackers to maliciously install the McRat executable onto unsuspecting users’ machines." The vulnerability was made public late last week. It also fixes a second, previously undocumented flaw, believed to be likewise connected to Java SE's 2D component.
A new vulnerability has been discovered in the latest versions of Java, v1.6 Update 41 and v1.7 Update 15, say researchers from security firms FireEye and Kaspersky Lab. Critically the bug is already being exploited in order to download and install a remote access tool, "McRAT," on targeted computers. The malware is being spread through a JPG file hosted on a Japanese website.
Oracle has once again released an updated version of Java SE 7 in order to combat serious vulnerabilities that have resulted in malware attacks on both Macs and Windows PCs. The new version, Update 15, comes less than three weeks after the previous patch, and follows an Apple-issued update to Java SE 6 in the wake of hacker attacks against Apple's own employees' work Macs. The new update is said by Oracle to "enhance security" as well as improve performance and stability.
Apple has released a promised Java update in the wake of an attack by Chinese hackers. The patch is available in two versions, for Lion/Mountain Lion and Snow Leopard. In both cases the code should bring Java SE 6 up to v1.6.0_41.
Roughly ten days after it last updated iPad mini ship times, Apple has dropped the wait again -- indicating that availability is improving. While still not achieving what CEO Tim Cook calls "supply/demand balance" (which generally translates into a shipping status of "in stock" or available for immediate shipping), the delay has now dropped to 1-3 business days in the US and Canadian stores, down from the 3-5 day delay recently advertised. The iPad mini has been heavily in-demand since release, and in-store supplies are still constrained.
Oracle has released Java 7 Update 13. In an announcement, Oracle explains that the update was originally slated to go live February 19th, but that it was pushed out early because of "active exploitation in the wild of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers." In all the code fixes 50 security holes; 44 of these are said to have been browser-only.
Apple is once again blocking the use of the Java web plug-in in OS X, reports say. The company has issued a silent update to OS X's anti-malware system which sets the minimum version of Java beyond the current Mac release, Java 7 Update 11. As a consequence, Java can't be used in web browsers on Macs until Oracle issues its next patch. The step may back (or be based on) views that Java continues to have serious security flaws.
[Update: Mozilla joins in, FBI issues warning, fix coming] Apple has disabled the Java 7 browser plug-in on Macs through an updated OS X blacklist file, notes MacRumors. Recently a major security vulnerability was discovered in Java 7, one already being exploited in malware. In response, Apple has silently pushed an updated Xprotect.plist file to OS X users, setting an as-yet-unreleased v1.7.0_10-b19 as the minimum version of Java required for unrestricted operation.
A previously unknown vulnerability in Java is being used online by hackers, according to security researchers. The 0-day exploit has also reportedly been included in two malware toolkits used by hackers, with the best form of protection currently being to turn off the Java plug-in for all browsers until the hole is patched.
Though recent versions of OS X no longer ship with a Java plug-in -- and Apple has ceased developing its own versions and left compatibility to Java owner Oracle -- the company is pushing an updated version of Oracle's latest release of Java SE 6 (version number 1.6.0 build 37) through its own Software Update mechanism. The update fixes a critical "zero-day" exploit reported at the end of last month and is available as separate releases for OS X 10.6, and OS X 10.7 and higher.
At the end of the day on Wednesday, and months after the surprise close of the trial, Oracle filed with the United States District Court for the Northern District of California a notice of appeal of Judge William Alsup's decision in the Java patent trial with Google. Oracle is contesting the decision based on Judge Alsup's ruling of the Java API being non-patentable.
Users of Macs that are still running older OS versions such as Snow Leopard and earlier, as well as those running newer OS versions but have installed Java on their own, are advised to turn off the Java functionality in both their browser and system, thanks to a critical new flaw found in all currently-supported versions of Java, including the latest ones. The bug allows attackers to bypass security features and install malware on Macs or Windows machines that have Java installed and active. All versions from Java 5 on up are affected by the flaw.
At Adobe's Create the Web event in San Francisco today, Adobe unveiled its newly-renamed Edge suite of JavaScript, HTML5, and CSS3 tools and services. Amongst the new offering are Adobe Edge Animate, Adobe Edge Inspect, and Adobe PhoneGap Build. Adobe has also given users a preview of Adobe Edge Code with the new release.
Apple has posted two new OS X Java updates: one for Lion, Java for OS X 2012-005, and one for Snow Leopard, Java for Mac OS X 10.6 Update 10. In both cases the patches now prevent Java from running in an always-on state. The Java plugin is killed if no applets have been run for an "extended period of time;" in fact, if Java for OS X 2012-004 wasn't previously installed, 005 disables Java by default until a person choose to enable or re-enable a Java plugin in their browser.
Apple has issued its own statement in response to a leaked list of 1 million UDIDs purportedly stolen from an FBI notebook. "The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization," spokeswoman Natalie Kerris tells AllThingsD. "Additionally, with iOS 6 we introduced a new set of APIs meant to replace the use of UDID and will soon be banning the use of UDID."
The FBI is denying any involvement in a list of leaked iOS UDIDs, according to official statements. "The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed," the agency tells AllThingsD. "At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."
[Update: FBI denies leaked data came from its equipment] A hacker group, Antisec, has released what it says is a list of one million iOS UDIDs pulled from an FBI notebook in March. The Dell Vostro reportedly belonged to Supervisor Special Agent Christopher K. Stangl from the FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team; his system was hacked using an AtomicReferenceArray vulnerability in Java, and during the attack Antisec says it downloaded a number of files, one of which was listed as "NCFTA_iOS_devices_intel.csv."
Oracle has issued a patch to address a recently discovered security hole affecting Mac, Windows, and Linux users. The patch represents a rare early fix release, as Oracle was already slated to release a patch in October of this year. The patch is available for download at Java.com.
A new security exploit in Java 7 is affecting Mac, Windows, and Linux users alike, according to an engineering manager for Metasploit, an open-source penetration testing framework. The vulnerability is described as "super dangerous," since an attack can be triggered simply by visiting a hacked or intentionally malicious website. OS X Lion and Mountain Lion do provide a modest level of protection, since Java isn't installed by default on the operating systems, which also ask users if they want to run the software.
While Google continues to claim that it has not paid any writers to directly report or comment on the Oracle versus Google lawsuit, in response to a second judicial order the search engine and advertising giant has provided a list of individuals and groups who have commented on the case and have, possibly coincidentally, received money from the company. The list includes Google lawyer William Patry, Java creator James Gosling, and Computer and Communications Industry Association (CCIA) overseer Ed Black.
Researchers from Kaspersky Lab have released a description of a new malware delivery platform capable of spreading itself and its payload to Windows, Mac OS X, VMWare virtual machines, and Windows Mobile devices. The "Crisis" trojan is capable of intercepting emails and instant messages, with a module to keep track of websites visited by the infected computer.
In the ongoing dispute between Google and Oracle over patents related to Android's use of Java code, US District Court Judge William Alsup last week ordered both parties to disclose any paid journalists, bloggers, pundits or other writers who may be writing opinion pieces with or without fully disclosing their relationship with the companies -- a practice known as "astro-turfing" since it mimics "grassroots" opinion.
Oracle has released a collection of new Java updates for OS X. The most important of these is Java SE 7 Update 6, which brings SE 7 to OS X for the first time. Matching an updated Java Runtime Environment is a new Java Development Kit, plus the JavaFX 2.2 rich client platform and JavaFX Scene Builder.
Fresh off a triumph over Oracle in its Java plagiarizing dispute, Google has undertaken a potentially-risky maneuver by filing for a judgement as a matter of law (JMOL) ruling from Judge William Alsup on various unresolved issues from Oracle's copyright claims, and requests a hearing date of August 23. Given Alsup's comprehensive judgement on the matter, the next venue for the appeal is almost certainly the Federal appeals court in Washington, DC. Both Oracle and Google have requested the judge rule on a JMOL motion related to the unceremonious $0 dollar settlement marking the end of the trial.
The contentious Oracle lawsuit against Google's use of Java code in Android, which ended in a mixed and muted exoneration for Google, took another turn Wednesday as the two tech titans agreed to a zero-dollar award. Presiding Judge William Alsup only asked "is there a catch I need to be aware of." Oracle is filing a partial appeal with the Federal Circuit Court of Appeals, which could return portions of the suit to Alsup's courtroom later this year.
A jury at the US District Court of Northern California has determined that Google has not infringed on six claims contained in two Oracle patents. The unanimous decision is viewed as a partial win for the search giant, however the company still faces potential damages in an earlier verdict that focused on copyright violations for a number of Java APIs.
After possibly infecting up to 1.8 percent of the Macintosh population with a click-fraud macro through a Java vulnerability, the Flashback creators won't get paid despite their efforts, reports Computerworld. Following a coordinated security effort between antivirus vendors and security experts, remote malicious orders were blocked or prevented from effecting an estimated peak 600,000 infected computers. Apple joined the fray late, but provided patches and a removal tool for the malware.
Oracle and Google continued the debate over how to proceed with the ongoing Java patent infringement suit. During the discussion and filing with the Judge William Alsup, Oracle presented a document summarizing why it is entitled to Google's profits from the case -- "super shady" contractors from Noser in Google's Android team. Google disputes the relevance of the filing.
It appears the Google versus Oracle legal skirmish regarding Java patentability is beginning to wind down. At the beginning of today's hearings, Judge William Alsup granted Oracle's request for a judgement as a matter of law (JMOL) in regards to eight files copied directly into Android from Oracle's code base, and awarded an additional copyright infringement to Oracle. The matters of "fair use" and willful violation have yet to be decided.
The jury assigned to the Oracle versus Google lawsuit has returned a partial verdict. On the matter of API copyright infringement, Google has been found to have violated the sequence, structure, and organization of 37 Java API copyrights. However, whether or not the infringement was fair use remains to be decided, as the jury was unable to break through a previously reported impasse on the matter. Judge Alsop is not waiting for motions from either side, and is immediately moving forward with the next phase, the patent phase, of the trial.
Judge William Alsup unexpectedly read portions from a previously-sealed Googledocument during a Thursday compensation hearing, a part of the company's ongoing legal battle with Oracle. While not disclosing specific figures, Alsup revealed that Google's Android mobile platform lost money in every quarter of 2010. Google does not release financial information about Android.
Apple is now preparing a pair of Java 6 runtime updates for OS X 10.6 and 10.7 that will mark the last Apple-custom versions of Java, handing over all future development and responsibility for Java on the Mac platform directly to Oracle. Apple had already stopped shipping a default version of Java with new Macs beginning with the release of Lion last summer, but had made in-house versions available to Lion users as well as continued supporting the Snow Leopard version.
The jury in the Oracle vs. Google lawsuit has reached a partial verdict on three of four questions that they were required to consider as part of the copyright liability phase of the trial. The foreman said that a minority of the jury felt that more time would be helpful in reaching agreement on all four questions. Judge Alsup pointed out that the jurors did not need to reach a unanimous agreement on the fourth question, but the foreman told the Judge the impasse was on one of the three questions (embedded below) that required full agreement.
After 20 hours of deliberations spread over four days, the jury responsible for the Google versus Oracle Java court battle has so far failed to reach a decision. A question posed to Judge William Alsup posed more questions as to the timely resolution of the trial -- a note passed to the judge by the jury asked what would happen if they couldn't reach a unanimous decision.
Java pioneer James Gosling has criticized Google for the tactics it used in going without a Java license for Android. He argued that, despite former Sun chief Jonathan Schwartz saying Sun couldn't sue Google, the decision to skip a license still hurt the company. Google "totally slimed" Sun, and even Schwartz was tolerating the action rather than endorsing it.
Following the disruption caused by an unpatched vulnerability in Mac versions of Java SE 6 that played havoc with the Mac community for several weeks until Apple finally posted the patch, Oracle has announced that it will take the lead in supplying both Java SE 7 and its runtime environment to Mac users who need it. For developers, the Java SE 7 Update 4 and its JDK as well as JavaFX 2.1 are both available now for download, marking Oracle's first direct delivery) for Mac OS X.
Oracle and Google both rested their cases in the first of three trial phases for Oracle's lawsuit against Google over Android. The two sides shied away from the larger revelations and accusations, with Google mostly relying on expert testimony from Duke University's Dr. Owen Astrachan that portrayed the Java programming interfaces as basic fundamentals for programming rather than a copyrightable form. While Google could have reordered the structure of its custom code for Android, using a structure like Sun's and making the actual implementation different helped ease developers into the OS while purportedly having "completely different" code.
Oracle may have run into an obstacle in its lawsuit against Google during testimony by former CEO Jonathan Schwartz. Despite Oracle's own CEO Larry Ellison being unsure if Java was free to use for Android's framework, Schwartz said the programming interfaces were always cleared for free use and weren't proprietary. Sun didn't sue Google over its early Android use as it didn't feel it "had any grounds" to take action, he testified.
Oracle saw a significant setback Wednesday after Judge William Alsup ruled (below) that the company couldn't use a revived Java patent against Google. He told the database firm that, as the trial had already started before the patent had been put back into effect, Oracle couldn't use the claim as part of the proceedings. If Oracle had been given permission, it would inherently bias the trial by forcing Google to defend against claims it was told wouldn't be factors.
In testimony that appeared to be crafted specifically to downplay any revenue generated by Android, Google's mobile head Andy Rubin told prosecutors in the ongoing trial with Oracle over Java licensing that the system exists mainly to "make it easier to access Google services" and that he did not expect the OS would contribute significantly to Google's ad revenues. While Google makes around $2.5 billion in mobile ad revenue every year, a substantial portion of that comes from iOS advertising rather than Android ads.
Google during its own turn at Oracle's lawsuit over Java patents saw its executive chairman and former CEO Eric Schmidt explain why the company hadn't paid for a Java license for Android. During the platform's development, a pre-Oracle Sun had asked for $30 million to $50 million, which Google would have been willing to pay, Schmidt said in testimony. The issue was instead one of control, as Google wanted to determine what Sun techniques were contributed to its source.
Google's mobile VP Andy Rubin gave testimony on Monday in Oracle's lawsuit that Java was likely copyrighted, raising the possibility Google owed royalties for Android. He wouldn't link the copyrighting to Sun, but he agreed with an Oracle attorney that a 2006 e-mail had said the java.lang app programming language (APIs) "were copyrighted," according to CNET's account of the conversation. Rubin did acknowledge a statement earlier that same day that he didn't think Google could go ahead without permission from Sun.
Oracle may get a significant weapon in its ongoing lawsuit against Google over Java use in Android. In an unusual Sunday legal brief caught by Florian Mueller, Oracle told presiding Judge William Alsup that a US patent's rejection, which had lead to a streamlined case, had several of its claims reinstated. The notice didn't constitute a formal notice of action.
The Google versus Oracle fight continued in court today, with self-titled "Chief Java Architect" Joshua Bloch's recorded testimony stating that it was "likely" some code he wrote for Android was the same as Sun's Java code. Nine lines of the code in question are duplicated in Google's Timsort.java file from 2007 that are also found verbatim from Sun's Arrays.java code, written in 1997.
Google engineer Tim Lindholm used testimony in Oracle's ongoing lawsuit over Java in Android to deny claims that form a cornerstone of the complaint. He denied that a potentially incriminating 2010 e-mail where he said "we need to negotiate a license for Java under the terms we need" was an acknowledgment that Google knew it had violated Oracle's copyrights and patents. He instead claimed that was "not a license from anybody," not Oracle or anyone else.
Google CEO Larry Page in a second day of testimony at trial made the unusual remark that he was "not sure" if Android was a critical asset for Google. While it was "very important," he emphasized the company's sometimes understated view that Android was ultimately a vehicle for Google services like ads, not an end into itself. The mobile OS was developed partly in response to earlier Java devices, he said: even with 100 phones to try, none of them would use Google's services properly.
Both the CEOs of Google and Oracle testified on Tuesday in the just-started trial for Oracle's lawsuit over Java in Android with statements that may have returned some of the balance to Google. While expected, Google co-founder Larry Page insisted Google "didn't do anything wrong" in using Java. Oracle CEO Larry Ellison had brought the accusations of copying forward in a dinner meeting, but Oracle had never followed through with examples until the lawsuit, possibly because there "wasn't very strong evidence," according to Page.
