ParityNews.com: ...Because Technology Matters


Recent Apple Java Update Doesn't Fix Critical Java Flaw, Claims Researcher

Update: Quite a few of our Slashdot readers have pointed out that the update released by Apple (which we have covered here) is for Java 6, whereas the recent mega-bug is in Java version 7, for which Oracle, not Apple, is responsible for issuing updates.

 

Just yesterday Apple released updates to fix Java vulnerabilities, but it seems that the patch doesn't actually target the recently discovered high-profile Java bugs that have been the talk of the web during the last two weeks.

The two updates, Java for OS X 2012-005 for OS X Lion and Java for Mac OS X 10.6 Update 10 for Mountain Lion, are meant to tackle the vulnerability described in CVE-2012-0547. But according to KrebsOnSecurity, it seems that Cupertino hasn't addressed the recent mega-vulnerabilities of Java described in CVE-2012-4681.

The Flashback Trojan proved that Mac systems are not untouchable anymore, and security vulnerabilities in Java were exploited earlier to create a botnet with as many as 600,000 zombies. This should be a concern for all Mac users and a prompt to consider the next steps they must take to secure their systems.

Oracle has already released an update for the recent Java 0-day vulnerabilities, thereby patching the Java Runtime Environment (JRE) 1.7. But it seems that this update itself is riddled with flaws and leaves systems vulnerable to another attack.

We advise users, whether on a Mac or any other system, to disable Java completely if they want to avoid being hacked. The functionality of your browser and your internet experience may be greatly reduced, but it is in your best interest, as it is always better to have limited functionality than to be hacked.

 

 

Parity Media Private Limited. All rights reserved. 2013
