Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mac OS X Users Vulnerable To Major Java Flaw

Posted by kdawson on from the write-once-own-everyone dept.

FruitWorm writes in with word of a vulnerability in Java that has been patched by everyone but Apple. "Security researchers say that Mac OS X users are vulnerable to a critical, 6-month-old, remote vulnerability in Java, a component that is enabled by default in Web browsers on this platform. Julien Tinnes notes that this vulnerability differs from typical Java security flaws in that it is 'a pure Java vulnerability' and doesn't involve any native code. It affected not only Sun's Java but other implementations such as OpenJDK, on multiple platforms, including Linux and Windows. 'This means you can write a 100% reliable exploit in pure Java. This exploit will work on all the platforms, all the architectures and all the browsers,' Julien wrote. This bug was demonstrated during the Pwn2own security challenge this year at CanSecWest, but the details were not made public at that time. Tinnes recommends that Mac OS X users disable Java in their browsers until Apple releases a security update."

7 of 306 comments (clear)

  1. Great interoperability by Chrisq · · Score: 5, Funny

    'This means you can write a 100% reliable exploit in pure Java. This exploit will work on all the platforms, all the architectures and all the browsers,'

    And the Java critics said total platform independence was impossible!

    1. Re:Great interoperability by x2A · · Score: 4, Funny

      Yay this is gonna be so much easier than trying to ship Wine with my viruses...

      --
      The revolution will not be televised... but it will have a page on Wikipedia
    2. Re:Great interoperability by AJ+Mexico · · Score: 3, Funny

      And the Java critics said total platform independence was impossible!

      Nonsense! For years Java apps have been producing platform-independent error messages on all platforms equally. Fortunately, the exploit will probably error out too!

      --
      Computers obey me.
    3. Re:Great interoperability by sootman · · Score: 4, Funny

      Am I the only one who first read that headline as "Mac OS X Users Vulnerable To Major Lava Flow"?

      --
      Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  2. Re:To be expected by perryizgr8 · · Score: 2, Funny

    The (untrue) assumption that many people seem to hold that Macs are just invulnerable to anything bad happening has finally spread to Apple itself, and they're the last to patch this exploit. Since a lot of Mac advertising used to be based on "Macs don't get Viruses" you'd think they'd have been the first to patch this to maintain their reputation. Yes I know I'm probably going to get modded down immediately for saying this, but hell, it's the truth.

    yes, you were correct about ONE thing,

    --
    Wealth is the gift that keeps on giving.
  3. Incorrect by Anonymous Coward · · Score: 1, Funny

    As we know from that one Mac vs. PC commercial, Macs don't get viruses. And if something is invulnerable to viruses, it has no flaws of any kind. Implying that Macs have a Java flaw implies they can get infected, correct? Which means they can get viruses, which obviously cannot be true, if that Mac Genius, Megan commercial is correct.

  4. Re:To be expected by d-signet · · Score: 2, Funny

    the best thing about this exploit...."it just works" :o)

    --
    Error 404 : Witty signature not found