Mac OS X Users Vulnerable To Major Java Flaw

FruitWorm writes in with word of a vulnerability in Java that has been patched by everyone but Apple. "Security researchers say that Mac OS X users are vulnerable to a critical, 6-month-old, remote vulnerability in Java, a component that is enabled by default in Web browsers on this platform. Julien Tinnes notes that this vulnerability differs from typical Java security flaws in that it is 'a pure Java vulnerability' and doesn't involve any native code. It affected not only Sun's Java but other implementations such as OpenJDK, on multiple platforms, including Linux and Windows. 'This means you can write a 100% reliable exploit in pure Java. This exploit will work on all the platforms, all the architectures and all the browsers,' Julien wrote. This bug was demonstrated during the Pwn2own security challenge this year at CanSecWest, but the details were not made public at that time. Tinnes recommends that Mac OS X users disable Java in their browsers until Apple releases a security update."

why specify Mac OSX

[wjh31]

the summary seems to imply that this exploit is viable on "all the platforms, all the architectures and all the browsers" so why specify Mac OSX? It's not special and if an exploit is universal, it seems the title and summary should make this clear, rather than Focussing on OSX. Even a quick look through the linked articles fails to find much about OSX, is the OP just a mac user who finds it astonishing that his perfect OS could be vulnerable?

Re:Java and not javascript

[vertinox]

This is of course unrelated to Javascript which is much more disruptive when disabled.

Hrm... Does Javascript have the same flaw(s) on OS X?