Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Posts Security Update 2005-002

Posted by pudge on from the i-am-scared dept.

thelemmings writes "Today, Apple released Security Update 2005-002 for Mac OS X. It fixes a bug in the Java 1.4.2 implementation where an untrusted applet could gain elevated privileges and potentially execute arbitrary code. Sounds scary."

9 of 84 comments (clear)

  1. Safari Popup Fix by nuxx · · Score: 4, Informative

    Also, it appears to contain a tweak to the Safari popup blocker, as it now seems to be blocking the new popunders that everyone has been clamoring about.

    This seems like a really good thing to me...

    1. Re:Safari Popup Fix by caerwyn · · Score: 4, Insightful

      Oooh, a troll! Well, maybe I'll feed it anyway.

      Advertisers pay a certain fee to a website. That fee is either flat, or based on a count of click-throughs. If the fee is flat, then my blocking of the popup has no bearing on the website as a whole. If the fee is non-flat, and a large percentage of the website's visiting population objects to popups and uses software (browser or add-on) that blocks such, then the website will suffer and perhaps look for other adversting sources. Either way, I really have no bearing or guilt on the situation. I use the technology at hand to view the content I want. I signed no contract saying I must view pop-up ads- therefore, I don't at all feel bound to do so.

      Websites will adapt to the changing pop-up blocking technology, or fail as a result. Either way, it is not my responsibility, as I don't manage the website.

      --
      The ringing of the division bell has begun... -PF
    2. Re:Safari Popup Fix by Zhe+Mappel · · Score: 5, Funny
      The Defender of Property blurted:

      In other words, it allows you to more effectively steal information and services from those who are kind enough to provide them for free, in exchange asking only for the opportunity to show you an easily ignored advertisement. Spoiled scum like you, with your obnoxiously oversized sense of entitlement, ought to be exiled to the desert, if you ask me. There you can establish your commune or whatever it is you hippies like to do, while we in civilized society will do our best to forget you.

      I cannot imagine a more selfish attitude towards the world than that which the teabagging cocksmokers of Slashdot bring to light.

      LOL! My good man, can you have reached the ripe age of harrumphing without having seen "The Big Lebowski"? You really owe it to yourself to see David Huddleston's performance as the titular character; it will cure you forever of the urge to use mothballed expressions such as "whatever it is you hippies like to do" and "we in civilized society." Conscious self-parody is one thing, after all, but your sleepwalking has moved me to unexpected sympathy in a way I've not felt since the prez fell off a Segway.

      Now, in any case, no one is under any obligation to view ads in any context. Nor should imposition, the sine qua non of advertising, be euphemized as "opportunity." It's your confusion of obedience with duty that has led to your arch and sniveling denigration of your ad-free fellow man. You, sir, are no advertisement for advertisements.

    3. Re:Safari Popup Fix by jcenters · · Score: 4, Insightful

      I think the key issue here is that pop-ups (unders, overs, etc.) are just plain annoying.

      This might be one of the reasons Google is so worshipped on here: They introduced a form of web advertising (Adsense) that is clean, simple, low-bandwidth, relevent, and most of all NOT ANNOYING.

      The solution for advertisers is simple: If you want your ads to be seen, don't make the user WANT to block your ads.

      Sure, pop-ups and spam might make a good deal of money, but I think it would be better for everyone if advertisers instead tried implementing solutions that don't put them at odds with the customers.

      More people will click and buy the products, and the web will be an overall better place.

      --

      vi ~/.emacs

    4. Re:Safari Popup Fix by Storlek · · Score: 5, Insightful

      Excellent point; you hit the nail on the head.

      Online advertisers are focusing too much on the short-term: get people to see the ad. Banners worked for a while, then everyone started ignoring them, so they went for more annoyingly sized and placed ads, popups, popunders, etc., which caught people's attention for a while. Then ad blockers came along, and suddenly online advertising came to a screeching halt as they tried to figure out how to get around them. Now they have, and look how quickly people are asking how to block the new popups.

      Most banner ads are completely useless, and I'm not missing anything by blocking. I don't need faster downloads and more local access numbers, and I don't care that I could win a free iPod by guessing which disembodied head is Britney Spears. Maybe if I had been looking at the homepage of some well-known overpriced dialup ISP, I would have greater than zero chance of caring that some other ISP is cheaper and faster; if I were reading a website about Britney Spears, I might want to get that iPod. Okay, the last one still wouldn't apply, since I already have an iPod, and don't like Britney Spears anyway, but that's beside the point.

      Other online advertisers should take a nice long look at AdSense, marvel in its simplicity and usefulness. I've seen online advertising grow up from the moderately tasteful small static banner image to the obnoxious beast that it's become and have never yet had any reason to click on a single one of them until AdSense came along and started providing relevant and interesting ads. In fact, oh-so-long ago, I didn't even know ad banners were clickable. I presume a lot of non-net-savvy people still don't realize it. This is another advantage of using text ads: people look at colored underlined text and equate it with "click this", whereas they see some out-of-place picture and mentally filter it out as irrelevant.

      --
      Bears don't normally eat things that talk and move backwards.
  2. Scary? Well... by JavaRob · · Score: 4, Interesting

    This is an serious bug and an important security update, and I'm not blowing that off... but I gotta live up to my username and point out the other side of the coin.

    So what happened is one version of the JVM, on OSX, has an exploitable flaw that still leaves it less dangerous than... well, Active-X, unflawed.

    It's not as serious a problem as it looks, also. They can't install a rootkit or anything like that, just because of the way OSX is designed. Say you have a Mac, and browsed to a site hosting a malicious applet (it's not a virus, so you'd have to *go* there to be in danger, and the website creator is obviously easier to trace than a virus writer). That applet could overwrite your documents, and wreak a lot of havoc, but you're not going to get owned. The Mac will prompt you for a password before it lets any software touch the core software (even its own security update!).

    So -- yes, get the fix if you've got a mac, but it's not "scary".

  3. Apple Proactive? by Undefined+Parameter · · Score: 4, Insightful

    Is it just me, or does it seem like Apple has a team of people working on *finding* bugs and security holes in OS X? Maybe it's just me, but the first I hear of a greater majority of problems with OS X is when Apple releases an update, which suggests that maybe Apple has something beyond a simple stress-testing beta team.

    Or maybe I just need more sleep.

    ~UP

    --
    Eat the Path.
  4. ANOTHER Security Update? by Anonymous Coward · · Score: 5, Funny

    geez Apple, it was barely a month since your last update. Not looking so good I gotta say.

    I might have to "unswitch" to Windows, they hardly have as many security fixes. It's as rock solid as a Kryptonite lock. -gko

  5. Not Just Apple ... by jlrobins_uncc · · Score: 4, Informative

    It's a bug which was present in Sun JVMS:

    http://sunsolve.sun.com/search/document.do?assetke y=1-26-57591-1&searchclause=57591

    Fixed in J2SE 5, J2SE 1.4.2_06, and J2SE 1.3.1_14.