Slashdot Mirror


Mac OS X Users Vulnerable To Major Java Flaw

FruitWorm writes in with word of a vulnerability in Java that has been patched by everyone but Apple. "Security researchers say that Mac OS X users are vulnerable to a critical, 6-month-old, remote vulnerability in Java, a component that is enabled by default in Web browsers on this platform. Julien Tinnes notes that this vulnerability differs from typical Java security flaws in that it is 'a pure Java vulnerability' and doesn't involve any native code. It affected not only Sun's Java but other implementations such as OpenJDK, on multiple platforms, including Linux and Windows. 'This means you can write a 100% reliable exploit in pure Java. This exploit will work on all the platforms, all the architectures and all the browsers,' Julien wrote. This bug was demonstrated during the Pwn2own security challenge this year at CanSecWest, but the details were not made public at that time. Tinnes recommends that Mac OS X users disable Java in their browsers until Apple releases a security update."

2 of 306 comments

  1. Why am I not surprised? by briggsl · Score: 0, Flamebait

    I'm going to get modded down as flamebait here, but let's face it, unless it pretties up the OS, Apple will ignore it. Security hasn't exactly been their strong point.

    1. Re:Why am I not surprised? by drinkypoo · Score: 1, Flamebait

      > The problem with Apple is not that they don't take security seriously.

      I think it's clear from the outdated state of Open Source components in OSX that Apple does not take security seriously.

      > But the corporate culture at Apple is secrecy. They must figure that documenting every patch serves only to draw a roadmap for hackers. This "security through obscurity" approach is in dramatic contrast to Microsoft's.

      Security through obscurity doesn't work. Numerous hackers have said OSX is less secure than Windows or Linux. But don't let the facts get involved, eh?

      > As for "prettying up the OS" I'd argue that current versions of the open source Gnome and KDE desktops, with compositing enabled, are probably prettier than Mac OS in most respects.

      The smoothness/speed of animation in Compiz is shit. I say this speaking as someone with a Quadro 2700M. Don't let me hear that bullshit about how a Quadro isn't meant for performance, because I can play HL2 at 1920x1080 with all the detail turned up and FSAA turned on and still peg the FPS at vblank. With my former Quadro 1500M and with Xgl (Xgl is dead, long live Xgl) the Magic Lamp animation (for example) was smooth. It is seriously chunky without Xgl. OSX and Vista both have smoother window animations than Compiz.

      > This latest story only reinforces the generalization that Scripting Is Dangerous.

      Java, not Javascript. You have no idea what you are talking about whatsoever, and neither do the moderators who modded you up.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"