Slashdot Mirror
Apple Posts Security Update 2005-002
thelemmings writes "Today, Apple released Security Update 2005-002 for Mac OS X. It fixes a bug in the Java 1.4.2 implementation where an untrusted applet could gain elevated privileges and potentially execute arbitrary code. Sounds scary."
Also, it appears to contain a tweak to the Safari popup blocker, as it now seems to be blocking the new popunders that everyone has been clamoring about.
This seems like a really good thing to me...
Are you running the latest Java updates for 10.3? IIRC, it'll only show up if you've installed the Java 1.4.2 update from last year, and it won't come up on 10.2 or lower at all.
I use Macs for work, Linux for education, and Windows for cardplaying.
... not quite.
Mis-type a URL when the new URL goes to a cleverly written piece of Java designed specifically to hack your OS X and you'll be compromised.
Mis-type the other 99.999999% (+/- 0.0000001% error) of URLs and you'll be fine.
Still, you're correct on the bit about Safari not prompting you to run a Java applet. I think you can turn Java off though (not in front of the iBook right now, can't recall). The update fixes a potentially big hole.
Most malicous websites don't care about deleting your documents or "owning" your machine -- they just want to turn you into a spam relay. Which OS X's user accounts do nothing to prevent.
It's a bug which was present in Sun JVMS:
e y=1-26-57591-1&searchclause=57591
http://sunsolve.sun.com/search/document.do?assetk
Fixed in J2SE 5, J2SE 1.4.2_06, and J2SE 1.3.1_14.
>>ActiveX on the other hand prompts you before it is run.
Not as default you have to set it to do that.
So they aren't all that different except the Core of OS X will still be safe while Windows just became a spam zombie.
Both will destroy whatever personal data they can get ahold of.
i thought once I was found, but it was only a dream.