Toolbar removable by deleting in the browser extension menu
Oracle's Java Update 8 Update 40 for OS X has an unexpected surprise for installers. The update instructions note that the company has "partnered with companies that offer various products" and will install the borderline-malware Ask.com toolbar into unsuspecting OS X users' systems.
Google asks Supreme Court to weigh in over Java API use in Android
The battle between Google and Oracle could be heating up again in the near future, as the search giant has petitioned the US Supreme Court to review the case for a final ruling. Previously, the US Court of Appeals for the Federal District overturned a lower court ruling that found Google didn't infringe upon Oracle copyright by using pieces of open-source Java APIs in Android without a license.
Company no longer issuing platform fixes, security updates continue until April 2015
When the next quarterly update to Java rolls around later this month, Oracle says it won't include support for Windows XP users. The critical patch update, scheduled for July 15, updates Java 7 and Java 8 for newer Microsoft operating systems from Vista up to Windows 8. The choice to use Java on XP is left up to users because of the potential risk involved.
Next step for Android case either Supreme Court or retrial
The US Court of Appeals for the Federal Circuit in Washington, DC has overturned the Google vs Oracle court case, finding that Java APIs are subject to copyright protection. Reuters' Dan Levine was the first to break the news with a tweet on the ruling. The trial is now likely to head back to the Northern District of California for a second attempt, or see hearings before the US Supreme Court upon further appeal.
Court appears skeptical of Judge William Alsup ruling
The US Court of Appeals for the Federal Circuit in Washington, DC, appears to be siding with Oracle in the company's lawsuit against Google over Android APIs. A formal ruling has yet to be handed down, however Reuters' Dan Levine and The Recorder's Scott K. Graham, both in attendance at today's hearing, published Twitter posts suggesting that the appeals court is likely to reverse Google's earlier win.
Apple-provided update fixes issues, uninstalls the old Apple Java applet plug-in
For the fifth time this year, Apple has had to issue an update to Java for all three supported versions of OS X: Snow Leopard (10.6), Lion (10.7) and Mountain Lion (10.8). As has become the norm, the update was issued due to the discovery of "multiple vulnerabilities" in Java 1.6.0_51. The cross-platform development technology has been updated to version 1.6.0_65, and is referred to in Software Update as "Java for Mac OS X 10.6 Update 17" for Snow Leopard and "Java for OS X 2013-005" for newer systems.
Safari update brings parity with version in Mavericks
Apple is distributing new pre-release builds of iTunes, Safari, Java, and the OS X 10.8.5 Supplemental Update amongst employees, a report says. The Supplemental Update is said to have reached build 12F45, as opposed to the 12F42 code seen during an initial leak. Safari 6.1 is meanwhile up to build 537A134.
Keeping Java up-to-date can help avoid inconvenience
Carriers update SIM cards with Java flaw, preventing costly recall
By exploiting the same Java-based flaw that caused the problem in the first place, most major wireless carriers have fixed a critical problem with SIM cards crucial to mobile phones that could have revealed personal data from cellphones to malicious parties. The counter-hack saved the wireless industry millions of dollars that it would have cost to replace all the affected SIM cards.
WebRTC toggled on by default
Early Java update may be faulty
Two significant technical problems hit Apple over the weekend, accounts say. The first is the discovery that early installers of last week's Lion/Mountain Lion Java update may have downloaded a premature build, xM4508, which can prevent some Java apps from working. The corrected version is xM4509, and is available via Software Update or Apple's support page. People can check which build they have installed by entering "/usr/libexec/java_home -v 1.6 -exec java -version" into Terminal.
Updates fix security, stability, and compatibility problems
Apple has posted twin Java updates for OS X, Java for OS X 2013-004 and Mac OS X v10.6 Update 16. Both deal with security, stability, and compatibility flaws. The first is targeted at Lion and Mountain Lion users, while the second is for Snow Leopard only.
Includes Safari 6.0.5
Apple has released a completed v10.8.4 update for OS X Mountain Lion. The release solves numerous issues, such as compatibility problems when connecting to enterprise Wi-Fi networks, and support for Microsoft Exchange in Calendar. FaceTime calls should now properly connect to non-US phone numbers, and Macs should go to sleep after using Boot Camp.
Who's to blame, Safari or Java?
Yesterday in the MacNN forums, "cgc" was trying to figure out why they were having problems with certain websites after updating Safari and Java. Also yesterday, Professional Poster "badidea" was having a problem with the cursor remaining on screen while the iTunes visualizer is playing.
Restores more user control to Java web plug-in
Apple on Tuesday updated both Java and its web browser Safari for users of OS X 10.6.8 (Snow Leopard) and higher. The updates now allow users to enable the Java web plug-in on a site-by-site basis, as opposed to the "active" or "inactive" options it had previously. Following a spate of serious issues, Apple forcibly disabled the Java plug-in because of malicious, in-use threats -- though users could reactivate Java once they updated.
Apple now blocking older versions of Java 6, 7
Due to multiple and in-use vulnerabilities that are actively affecting user systems, Apple has taken the step of blocking the web plug-ins for all older versions of Java 6 and 7. Browsers on Snow Leopard, Lion and Mountain Lion that don't include their own built-in versions of the Java plug-in must be updated to the current version, which is update 17 for Java SE 7 and update 43 for Java SE 6. Java is not installed on modern Macs by default, and disabled automatically if not used for 31 days or more even if installed. The move does not affect local installations of Java, only the web plug-in.
Five more vulnerabilities discovered
Oracle has released a new version of Java 7, Update 17. The patch is being released early, Oracle says, to cope with a security hole that is being "actively exploited by attackers to maliciously install the McRat executable onto unsuspecting users’ machines." The vulnerability was made public late last week. It also fixes a second, previously undocumented flaw, believed to be likewise connected to Java SE's 2D component.
Real-world malware called inconsistent
A new vulnerability has been discovered in the latest versions of Java, v1.6 Update 41 and v1.7 Update 15, say researchers from security firms FireEye and Kaspersky Lab. Critically the bug is already being exploited in order to download and install a remote access tool, "McRAT," on targeted computers. The malware is being spread through a JPG file hosted on a Japanese website.
Third emergency update may be the charm for recent malware issues
Oracle has once again released an updated version of Java SE 7 in order to combat serious vulnerabilities that have resulted in malware attacks on both Macs and Windows PCs. The new version, Update 15, comes less than three weeks after the previous patch, and follows an Apple-issued update to Java SE 6 in the wake of hacker attacks against Apple's own employees' work Macs. The new update is said by Oracle to "enhance security" as well as improve performance and stability.
Lion, Mountain Lion, Snow Leopard get Java SE 6 fixes
Apple has released a promised Java update in the wake of an attack by Chinese hackers. The patch is available in two versions, for Lion/Mountain Lion and Snow Leopard. In both cases the code should bring Java SE 6 up to v1.6.0_41.
Shipping for iPad mini orders drops to 1-3 days
Roughly ten days after it last updated iPad mini ship times, Apple has dropped the wait again -- indicating that availability is improving. While still not achieving what CEO Tim Cook calls "supply/demand balance" (which generally translates into a shipping status of "in stock" or available for immediate shipping), the delay has now dropped to 1-3 business days in the US and Canadian stores, down from the 3-5 day delay recently advertised. The iPad mini has been heavily in-demand since release, and in-store supplies are still constrained.
Java resumes working in OS X
Oracle has released Java 7 Update 13. In an announcement, Oracle explains that the update was originally slated to go live February 19th, but that it was pushed out early because of "active exploitation in the wild of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers." In all the code fixes 50 security holes; 44 of these are said to have been browser-only.
Normal use waiting on Oracle update
Apple is once again blocking the use of the Java web plug-in in OS X, reports say. The company has issued a silent update to OS X's anti-malware system which sets the minimum version of Java beyond the current Mac release, Java 7 Update 11. As a consequence, Java can't be used in web browsers on Macs until Oracle issues its next patch. The step may back (or be based on) views that Java continues to have serious security flaws.
Blacklist requires unreleased version of Java for plugin to work
[Update: Mozilla joins in, FBI issues warning, fix coming] Apple has disabled the Java 7 browser plug-in on Macs through an updated OS X blacklist file, notes MacRumors. Recently a major security vulnerability was discovered in Java 7, one already being exploited in malware. In response, Apple has silently pushed an updated Xprotect.plist file to OS X users, setting an as-yet-unreleased v1.7.0_10-b19 as the minimum version of Java required for unrestricted operation.
Vulnerability found in Java 7 Update 10
A previously unknown vulnerability in Java is being used online by hackers, according to security researchers. The 0-day exploit has also reportedly been included in two malware toolkits used by hackers, with the best form of protection currently being to turn off the Java plug-in for all browsers until the hole is patched.
Patches zero-day exploit for Snow Leopard, Lion, ML
Though recent versions of OS X no longer ship with a Java plug-in -- and Apple has ceased developing its own versions and left compatibility to Java owner Oracle -- the company is pushing an updated version of Oracle's latest release of Java SE 6 (version number 1.6.0 build 37) through its own Software Update mechanism. The update fixes a critical "zero-day" exploit reported at the end of last month and is available as separate releases for OS X 10.6, and OS X 10.7 and higher.
Oracle must overcome both 'fair use' and non-patentable API issues
At the end of the day on Wednesday, and months after the surprise close of the trial, Oracle filed with the United States District Court for the Northern District of California a notice of appeal of Judge William Alsup's decision in the Java patent trial with Google. Oracle is contesting the decision based on Judge Alsup's ruling of the Java API being non-patentable.
Fault is in all supported versions of Java, Oracle notified
Users of Macs that are still running older OS versions such as Snow Leopard and earlier, as well as those running newer OS versions but have installed Java on their own, are advised to turn off the Java functionality in both their browser and system, thanks to a critical new flaw found in all currently-supported versions of Java, including the latest ones. The bug allows attackers to bypass security features and install malware on Macs or Windows machines that have Java installed and active. All versions from Java 5 on up are affected by the flaw.
Package mix of new, updated, renamed tools
Patches disable always-on Java support
Apple has posted two new OS X Java updates: one for Lion, Java for OS X 2012-005, and one for Snow Leopard, Java for Mac OS X 10.6 Update 10. In both cases the patches now prevent Java from running in an always-on state. The Java plugin is killed if no applets have been run for an "extended period of time;" in fact, if Java for OS X 2012-004 wasn't previously installed, 005 disables Java by default until a person choose to enable or re-enable a Java plugin in their browser.
Says new APIs in iOS 6 will render UDID system obsolete
Apple has issued its own statement in response to a leaked list of 1 million UDIDs purportedly stolen from an FBI notebook. "The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization," spokeswoman Natalie Kerris tells AllThingsD. "Additionally, with iOS 6 we introduced a new set of APIs meant to replace the use of UDID and will soon be banning the use of UDID."
Says it's 'totally false' that it was collecting iOS data
The FBI is denying any involvement in a list of leaked iOS UDIDs, according to official statements. "The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed," the agency tells AllThingsD. "At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."
User names, phone numbers, other data also allegedly leaked
[Update: FBI denies leaked data came from its equipment] A hacker group, Antisec, has released what it says is a list of one million iOS UDIDs pulled from an FBI notebook in March. The Dell Vostro reportedly belonged to Supervisor Special Agent Christopher K. Stangl from the FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team; his system was hacked using an AtomicReferenceArray vulnerability in Java, and during the attack Antisec says it downloaded a number of files, one of which was listed as "NCFTA_iOS_devices_intel.csv."
Update 7 addresses hole ahead of planned update
Oracle has issued a patch to address a recently discovered security hole affecting Mac, Windows, and Linux users. The patch represents a rare early fix release, as Oracle was already slated to release a patch in October of this year. The patch is available for download at Java.com.
Lion, Mountain Lion safeguards provide modest defense
A new security exploit in Java 7 is affecting Mac, Windows, and Linux users alike, according to an engineering manager for Metasploit, an open-source penetration testing framework. The vulnerability is described as "super dangerous," since an attack can be triggered simply by visiting a hacked or intentionally malicious website. OS X Lion and Mountain Lion do provide a modest level of protection, since Java isn't installed by default on the operating systems, which also ask users if they want to run the software.
Search giant does not admit it paid writers to comment on case
While Google continues to claim that it has not paid any writers to directly report or comment on the Oracle versus Google lawsuit, in response to a second judicial order the search engine and advertising giant has provided a list of individuals and groups who have commented on the case and have, possibly coincidentally, received money from the company. The list includes Google lawyer William Patry, Java creator James Gosling, and Computer and Communications Industry Association (CCIA) overseer Ed Black.
Windows Mobile devices possible vector of Java-based infection
Researchers from Kaspersky Lab have released a description of a new malware delivery platform capable of spreading itself and its payload to Windows, Mac OS X, VMWare virtual machines, and Windows Mobile devices. The "Crisis" trojan is capable of intercepting emails and instant messages, with a module to keep track of websites visited by the infected computer.
Company must disclose paid writers by noon Friday
In the ongoing dispute between Google and Oracle over patents related to Android's use of Java code, US District Court Judge William Alsup last week ordered both parties to disclose any paid journalists, bloggers, pundits or other writers who may be writing opinion pieces with or without fully disclosing their relationship with the companies -- a practice known as "astro-turfing" since it mimics "grassroots" opinion.
Promises JRE downloads from Java.com 'soon'
Oracle has released a collection of new Java updates for OS X. The most important of these is Java SE 7 Update 6, which brings SE 7 to OS X for the first time. Matching an updated Java Runtime Environment is a new Java Development Kit, plus the JavaFX 2.2 rich client platform and JavaFX Scene Builder.
Judge Alsup unlikely to overturn his own rulings
Fresh off a triumph over Oracle in its Java plagiarizing dispute, Google has undertaken a potentially-risky maneuver by filing for a judgement as a matter of law (JMOL) ruling from Judge William Alsup on various unresolved issues from Oracle's copyright claims, and requests a hearing date of August 23. Given Alsup's comprehensive judgement on the matter, the next venue for the appeal is almost certainly the Federal appeals court in Washington, DC. Both Oracle and Google have requested the judge rule on a JMOL motion related to the unceremonious $0 dollar settlement marking the end of the trial.
Prescedent-setting trial expected to be appealed
The contentious Oracle lawsuit against Google's use of Java code in Android, which ended in a mixed and muted exoneration for Google, took another turn Wednesday as the two tech titans agreed to a zero-dollar award. Presiding Judge William Alsup only asked "is there a catch I need to be aware of." Oracle is filing a partial appeal with the Federal Circuit Court of Appeals, which could return portions of the suit to Alsup's courtroom later this year.
Legal battle centers around copyright issues
A jury at the US District Court of Northern California has determined that Google has not infringed on six claims contained in two Oracle patents. The unanimous decision is viewed as a partial win for the search giant, however the company still faces potential damages in an earlier verdict that focused on copyright violations for a number of Java APIs.
From 600,000 infections to 10,000; ad vendor won't pay
After possibly infecting up to 1.8 percent of the Macintosh population with a click-fraud macro through a Java vulnerability, the Flashback creators won't get paid despite their efforts, reports Computerworld. Following a coordinated security effort between antivirus vendors and security experts, remote malicious orders were blocked or prevented from effecting an estimated peak 600,000 infected computers. Apple joined the fray late, but provided patches and a removal tool for the malware.
Noser engineers had Oracle install, copied freely
Oracle and Google continued the debate over how to proceed with the ongoing Java patent infringement suit. During the discussion and filing with the Judge William Alsup, Oracle presented a document summarizing why it is entitled to Google's profits from the case -- "super shady" contractors from Noser in Google's Android team. Google disputes the relevance of the filing.
Trial continues, damages phase may start next week
It appears the Google versus Oracle legal skirmish regarding Java patentability is beginning to wind down. At the beginning of today's hearings, Judge William Alsup granted Oracle's request for a judgement as a matter of law (JMOL) in regards to eight files copied directly into Android from Oracle's code base, and awarded an additional copyright infringement to Oracle. The matters of "fair use" and willful violation have yet to be decided.
No decision on fair use, trial continues
The jury assigned to the Oracle versus Google lawsuit has returned a partial verdict. On the matter of API copyright infringement, Google has been found to have violated the sequence, structure, and organization of 37 Java API copyrights. However, whether or not the infringement was fair use remains to be decided, as the jury was unable to break through a previously reported impasse on the matter. Judge Alsop is not waiting for motions from either side, and is immediately moving forward with the next phase, the patent phase, of the trial.
Large losses by Android group taken in FY2010
Judge William Alsup unexpectedly read portions from a previously-sealed Googledocument during a Thursday compensation hearing, a part of the company's ongoing legal battle with Oracle. While not disclosing specific figures, Alsup revealed that Google's Android mobile platform lost money in every quarter of 2010. Google does not release financial information about Android.
Getting out of its own version entirely
Apple is now preparing a pair of Java 6 runtime updates for OS X 10.6 and 10.7 that will mark the last Apple-custom versions of Java, handing over all future development and responsibility for Java on the Mac platform directly to Oracle. Apple had already stopped shipping a default version of Java with new Macs beginning with the release of Lion last summer, but had made in-house versions available to Lion users as well as continued supporting the Snow Leopard version.
Judge urges Oracle vs Google jury to reconvene
The jury in the Oracle vs. Google lawsuit has reached a partial verdict on three of four questions that they were required to consider as part of the copyright liability phase of the trial. The foreman said that a minority of the jury felt that more time would be helpful in reaching agreement on all four questions. Judge Alsup pointed out that the jurors did not need to reach a unanimous agreement on the fourth question, but the foreman told the Judge the impasse was on one of the three questions (embedded below) that required full agreement.
20 hours of deliberation, no decision
After 20 hours of deliberations spread over four days, the jury responsible for the Google versus Oracle Java court battle has so far failed to reach a decision. A question posed to Judge William Alsup posed more questions as to the timely resolution of the trial -- a note passed to the judge by the jury asked what would happen if they couldn't reach a unanimous decision.