Telstra has revealed the addition of almost one million new mobile services in the six months to December 2011, but Sensis revenues plummeted 24 percent in 12 months.
Both updates plug a hole that allowed malicious applets to execute arbitrary code by exploiting an uninitialised variable in the routine used to generate MD5 and SHA-1 hashes.
The version of the Java plug-in previously provided for Leopard allowed applets to launch file: URLs, meaning a malicious applet could run another program. It might be harder than ever to sneak files onto a Mac and hopefully users are stopping and thinking when the authorisation dialog pops up, but eliminating a method for remotely running a program has to be worthwhile.
And for Mac OS X 10.5 Server, a change in the default jurisdiction policy allows the use of cryptographic keys that are longer than 128 bits. The longer the key, the more secure the encryption.
The other issues - over 20 of them - are addressed in this update by installing newer versions of the various versions of Java. Java 1.4 is updated to 1.4.2_18, Java 1.5 to 1.5.0_16, and Java 1.6 to 1.6.0_07.
In each case, Apple skipped at least one build. For example, the previous version of Java 1.5 provided by Apple was 1.5.0_13. While Sun only documents security issues with the Windows, Linux and Solaris versions of Java, it seems that at least one of the skipped versions included security fixes as well as other changes that appear relevant to the Mac OS X implementations.
Anyway, once you've installed Apple's latest updates you'll be running Sun's most recent versions of Java.
As usual, Software Update is the easiest way of updating a single Mac, but if you have two or more computers to take care of you can save bandwidth by downloading the installers from Apple Downloads.
David Bass
| For the fourth year in a row, IDC has placed content security provider Websense (NASDAQ: WBSN) at the top of the IDC Worldwide Web Security 2011 –…
How to Make Business Discovery Work for Your Business
Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more
Try an easy-to-use set of web-enabled
tools for business-class productivity services. Office 365 provides
anywhere-access to email, important documents, contacts, and calendars
on almost any device.