Slashdot Mirror


Apple Finally Patches Java Vulnerability

macs4all writes "Apple has finally addressed the Java vulnerability that nearly everyone else patched months ago. Available now for OS X 10.4 and 10.5, and through Apple's Software Update service, this update patches a flaw in the Java Virtual Machine that could potentially allow a malicious Java applet to execute arbitrary code on the machine. Apple had previously advised users to turn off Java temporarily in their Web browsers."

9 of 177 comments

  1. Re:Old versions. by Anonymous Coward · · Score: 5, Informative

    ...and this means that we can expect Vic20_love to come along any moment now and complain that his OS X 10.1 machine from 19-dickity-6 doesn't have a patch out yet, so Apple sucks.

    Apple sucks for different reasons:

    Apple PREVENTS Sun (by contract) from releasing Java patches. Mac users get their Java patches whenever Apple feels like it and gets a round to it.

  2. Re:maybe by QuantumG · · Score: 4, Informative

    Do you work for Apple? 'Cause if your attitude is in any way related to theirs, I'll skip using their software, thanks. "I can run anything on your hard drive" is trivial to leverage to "I can execute anything I want". Even the dumbest hacker can figure it out. Clearly you're dumber.

    --
    How we know is more important than what we know.

  3. Re:Old versions. by Anonymous Coward · · Score: 4, Informative

    I'm not trying to grief, and it is certainly consistent with reality, but is this documented anywhere?

    Sure. Only Apple can release Java for Mac. Something about look & feel and/or quality assurance.

    http://blog.cr0.org/2009/05/write-once-own-everyone.html
    http://java.dzone.com/news/critical-mac-osx-java

    Look at the "Java downloads for all operating systems" webpage:

    http://www.java.com/en/download/manual.jsp

    Notice that you can't download Java for Mac from Sun?

  4. Re:Java is now Apple's problem? by patman600 · · Score: 5, Informative

    They've been Apple's problem since they took over porting Java to the Mac, and prevent Sun from writing their own Java for Mac.

  5. Re:maybe by SpazmodeusG · · Score: 4, Informative

    Normally I absolutely agree. Most vulnerabilities are overhyped. Not this one though. Read this article and click the link to a page that runs /usr/bin/say on your unpatched machine.
    http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html

  6. Re:SAD :( by interactive_civilian · · Score: 4, Informative

    Apple is now at the point where Microsoft was in 1998.

    In 1998, there were tens of thousands of Windows viruses (I remember reading a number like over 40,000, but I can't find a source), while at the same time, MacOS 8 had 7 or so, all of which were protected from freely by the anti-virus program Disinfectant. While I can't find a direct source for my Windows numbers, here's an article that makes it look like 1998 was not a very good year for Windows viruses. Even if my memories are off by an order of magnitude or two, it still wasn't a good time for Windows and viruses.

    Are you honestly saying that Apple is at that point right now? We have yet to see an actual MacOS X virus in the wild, and there have been how many Trojans in the wild so far? 4?

    --
    "Empathise with stupidity, and you're halfway to thinking like an idiot." - Iain M. Banks

  7. Re:SAD :( by pauljlucas · · Score: 3, Informative

    ... [A]pple has the benefit of running a bsd based kernel.

    It's a Mach-based kernel in a BSD-like environment.

    --
    If you reply, do so only to what I explicitly wrote. If I didn't write it, don't assume or infer it.

  8. Re:Old versions. by ThrowAwaySociety · · Score: 5, Informative

    ...It's not like Sun needs Apple in order to produce Java for the Mac.

    Sun did a JVM for the Classic Mac OS, and by all accounts it sucked. As in, it was barely usable. This is why Apple (contractually) locked Sun out of delivering Java on OS X. At the time, Apple was bullish on Java, and invested some considerable resources making OS X's JVM integrated into the rest of the OS.

    Unfortunately, Apple no longer gives a shit about Java, and it shows. But Sun is still locked out, as far as I know.

    Or is this like the graphics drivers where only Apple has access to the "secret bits" necessary for a JVM to do all the things that the current Mac JVM does?
    How hard would it be to just port OpenJDK/IcedTea/whatever to Mac and be done with it?

    There already is. It's the only way to get Java 6 on PowerPC and 32-bit Intel Macs, or on 10.4.x

    Unfortunately, it relies on X11 for its GUI, which is generally a big non-starter on the Mac. Also, I don't believe it's possible to use it as the JVM for Java applets in a browser, probably for the same reason.

  9. Re:158MB and the Update will not install! by bennomatic · · Score: 3, Informative

    It worked for me after I quit my running browsers.

    --
    The CB App. What's your 20?