Oracle Stories November 10, 2014

A new report from Reuters citing sources at Apple familiar with the company’s plans for future corporate offerings has unveiled new details on the Cupertino corporation’s efforts to recruit business clients and software developers. According to these sources, Apple is currently courting companies such as Citigroup, ServiceMax, and PlanGrid (among others) to augment its current IBM enterprise agreement.

The exact nature of the proposed partnerships between these companies hasn’t been confirmed yet, but the general idea is similar to the IBM arrangement. ServiceMax, a company that creates solutions for managing field technicians, and PlanGrid, which allows construction workers to share blueprints with each other, will both agree to roll out Apple hardware with custom software to their clients.

expand full story

Oracle Stories August 12, 2013

Larry Ellison, the CEO of Oracle, longtime close friend of Steve Jobs, and former Apple Director, shared with CBS’s Charlie Rose what he believes post-Jobs Apple will look like. As quoted by AllThingsD:

“Well, we already know,” Ellison told Rose. “We saw — we conducted the experiment. I mean, it’s been done. We saw Apple with Steve Jobs. We saw Apple without Steve Jobs. We saw Apple with Steve Jobs. Now, we’re gonna see Apple without Steve Jobs.”

Ellison’s quote seems to be referring to Apple’s history with Steve Jobs (the time in which the company launched the iPhone, iPad, and iPod, for example) in comparison to Apple’s darker years with leadership from the likes of John Sculley and Gil Amelio.

Now, with Steve Jobs’s hand-picked successor Tim Cook and the rest of the leadership team with Jony Ive, Craig Federighi, and Eddy Cue at the helm, Ellison seems to think that the pattern of dark days under leaders other than Jobs will repeat itself.

Updated with larger embed via CBS news below, which includes his thoughts on Larry Page being evil and the quote above being put into better context:

expand full story

The best 4K & 5K displays for Mac

Oracle Stories March 4, 2013

Fool me twice: Apple releases Java update for the latest Zero Day

Following a number of reports of new zero-day vulnerabilities in the Java browser plug-in, Oracle has today released an emergency update to Java 7 as Apple updates Java SE 6 to version 1.6.0_43.

Today Oracle released Security Alert CVE-2013-1493 to address two vulnerabilities affecting Java running in web browsers (CVE-2013-1493 and CVE-2013-0809).  One of these vulnerabilities (CVE-2013-1493) has recently been reported as being actively exploited by attackers to maliciously install the McRat executable onto unsuspecting users’ machines.  Both vulnerabilities affect the 2D component of Java SE.  These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications.  They also do not affect Oracle server-based software.  These vulnerabilities have each received a CVSS Base Score of 10.0.

Researchers from security firm FireEye warned users last week of yet another new Java zero-day vulnerability and recommended users disable Java until Oracle addresses the issue. Today, Oracle said it knew about the flaw since Feb. 1 but didn’t get around to patching it in the last release:

Though reports of active exploitation of vulnerability CVE-2013-1493 were recently received, this bug was originally reported to Oracle on February 1st 2013, unfortunately too late to be included in the February 19th release of the Critical Patch Update for Java SE

The company intended to include a fix for CVE-2013-1493 in the April 16, 2013 Critical Patch Update for Java SE (note that Oracle recently announced its intent to have an additional Java SE security release on this date in addition to those previously scheduled in June and October of 2013).  However, in light of the reports of active exploitation of CVE-2013-1493, and in order to help maintain the security posture of all Java SE users, Oracle decided to release a fix for this vulnerability and another closely related bug as soon as possible through this Security Alert.

Oracle Stories March 1, 2013

url-3

Following an attack on a smaller number of corporate Macs that exploited a flaw in the Java browser plug-in, researchers from security firm FireEye warned users of yet another new Java zero-day vulnerability. According to a blog post published yesterday (via IDG), browsers running Java v1.6 Update 41 and Java v1.7 Update 15 are now vulnerable to a malware attack that installs a remote access tool known as McRAT. The exploit is reportedly different from the one used to attack Facebook, Twitter, Apple, and several other companies last month. Following the earlier attack, Apple released an update to Java for users to version 1.6.0_41. These recent vulnerabilities come after several updates over the last year to Java addressing exploits.

FireEye recommended users disable Java until Oracle addresses the issue:

We have notified Oracle and will continue to work with Oracle on this in-the-wild discovery. Since this exploit affects the latest Java 6u41 and Java 7u15 versions, we urge users to disable Java in your browser until a patch has been released; alternatively, set your Java security settings to “High” and do not execute any unknown Java applets outside of your organization.

Oracle provided the instructions below for uninstalling Java on Mac: expand full story

Oracle Stories February 1, 2013

Java browser plug-in on OS X re-enabled with update to Java 7

Reports from earlier this week noted Apple had recently blocked Java 7 browser plug-ins again on OS X. While the exact reason was unclear, a terminal workaround is no longer required. Oracle released update 13 for Java 7 for Mac OS X today. The critical patch brings over 50 new security fixes for Jave SE products, in addition to re-enabling plug-ins on OS X.

The original Critical Patch Update for Java SE – February 2013 was scheduled to be released on February 19th, but Oracle decided to accelerate the release of this Critical Patch Update because active exploitation “in the wild” of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers, was addressed with this Critical Patch Update.

Oracle Stories October 17, 2012

Further pushing toward the idea of a plugin-free internet, Apple has issued an update to Java for OS X that removes the Java applet plugin. Attempting to use a Java applet through any OS X web browser will now prompt users to download the latest version directly from Java maker Oracle.

This is not the first time Apple has stopped shipping a specific browser plugin with their computers. With OS X Lion, users discovered that their Macs no longer came with Adobe’s oft-derided Flash Player plugin due to its instability and security issues. Apple has long held browser plugins in contempt, especially following the success of iOS, which hasn’t supported browser plugins at all in the past six years.

Just about every Mac Trojan/vulnerability over recent months and years has been related to outdated Java code. This move should close off those attack vectors.

expand full story

Powered by WordPress.com VIP