Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Posts Security Update 2005-002

Posted by pudge on Tuesday February 22, 2005 @06:03PM from the i-am-scared dept.

thelemmings writes "Today, Apple released Security Update 2005-002 for Mac OS X. It fixes a bug in the Java 1.4.2 implementation where an untrusted applet could gain elevated privileges and potentially execute arbitrary code. Sounds scary."

1 of 84 comments (clear)

Min score:

Reason:

Sort:

Scary? Well... by JavaRob · 2005-02-22 18:53 · Score: 4, Interesting

This is an serious bug and an important security update, and I'm not blowing that off... but I gotta live up to my username and point out the other side of the coin.

So what happened is one version of the JVM, on OSX, has an exploitable flaw that still leaves it less dangerous than... well, Active-X, unflawed.

It's not as serious a problem as it looks, also. They can't install a rootkit or anything like that, just because of the way OSX is designed. Say you have a Mac, and browsed to a site hosting a malicious applet (it's not a virus, so you'd have to *go* there to be in danger, and the website creator is obviously easier to trace than a virus writer). That applet could overwrite your documents, and wreak a lot of havoc, but you're not going to get owned. The Mac will prompt you for a password before it lets any software touch the core software (even its own security update!).

So -- yes, get the fix if you've got a mac, but it's not "scary".