Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Finally Patches Java Vulnerability

Posted by kdawson on from the gentlemen-restart-your-sandboxes dept.

macs4all writes "Apple has finally addressed the Java vulnerability that nearly everyone else patched months ago. Available now for OS X 10.4 and 10.5, and through Apple's Software Update service, this update patches a flaw in the Java Virtual Machine that could potentially allow a malicious Java applet to execute arbitrary code on the machine. Apple had previously advised users to turn off Java temporarily in their Web browsers."

12 of 177 comments (clear)

  1. SAD :( by Anonymous Coward · · Score: 4, Insightful

    It is truly sad that Apple still just don't "Get" security. Makes me a sad panda to think it is going to take some sort of devastating worm or virus for them to finally wake up and smell the shit they are pumping out.

    1. Re:SAD :( by TinBromide · · Score: 3, Insightful

      I get the funniest looks when I say that Apple has had the benefit of security via obscurity and when it comes to security measures, Apple is now at the point where Microsoft was in 1998. Yes, mod me troll, but as you do so, you know that Apple hasn't had the same trial by fire that Microsoft has. If you look at the yearly exploit conferences, OS X doesn't fare much better than Windows, and that's only because apple has the benefit of running a bsd based kernel. Picking a more secure solution from the get-go doesn't mean that they can maintain and do the required preventative patching measures.

      --
      Is it sad that I am more likely to recognize you and your posts by your sig than your name or UID?
    2. Re:SAD :( by Anonymous Coward · · Score: 2, Insightful

      Apple has a special interest in being slow about Java. If Java "works beautifully and unproblematically" on the Mac, then that eats into the Cocoa market by a slippery slope of argument:

      1. "Why develop in Cocoa when Java works beautifully on Macs but can also run on other platforms too?"
      2. "Hey now we've got this wonderful Java thing that runs on Windows and Mac"
      3. "Hang on, there are 5 to 10 times as many Windows users so we should target the bigger market"
      4. "Hmm, looks like we're now treating Mac as a second-tier platform; oh well"

      The easiest way to stop developers from sliding down slippery argument is to ensure step 1 does not hold.

    3. Re:SAD :( by pjt33 · · Score: 3, Insightful

      The post I replied to said that Apple is *now* where Microsoft was in 1998.

      In fairness, the post you replied to said that

      when it comes to security measures, Apple is now at the point where Microsoft was in 1998

      not, "when it comes to number of worms, viruses and trojans, ...".

    4. Re:SAD :( by dfghjk · · Score: 2, Insightful

      "Mac OS software takes special pride in its taste and aesthetics - something Java can never achieve."

      Nonsense, it just hasn't achieved it to date.

      "And now as more users and developers focus on notebooks, resource hungry Java applications are again bad fit."

      Tell that to Android.

      "Spinning cycles for nothing is forgivable on desktops and servers - not on notebooks."

      I think you got that backwards, fanboy.

  2. Old versions. by saintlupus · · Score: 4, Insightful

    ...and this means that we can expect Vic20_love to come along any moment now and complain that his OS X 10.1 machine from 19-dickity-6 doesn't have a patch out yet, so Apple sucks.

    Not that Apple doesn't suck, but you don't really need to troll for reasons.

    (Bye, karma, nice knowing you...)

    --saint

    1. Re:Old versions. by shentino · · Score: 2, Insightful

      Interesting that people who willingly "kiss their karma goodbye" and make statements to that effect are the ones who wind up with the upmods?

    2. Re:Old versions. by jonwil · · Score: 2, Insightful

      Ok, so is there any reason why a proper native OpenJDK port (that works in all the browsers and doesn't use X11) wouldnt be possible? Is it just a case of "patches wanted" or are there undocumented/hidden/internal parts of OSX that only Apple can use that are needed for a full JVM?

  3. Slashdot Bias by Anonymous Coward · · Score: 0, Insightful

    Had this been a post about Microsoft instead of Apple, I'd imagine there'd be a lot of "ha ha micro$0ft sucks" posts now.

  4. Time to chide Apple by MillionthMonkey · · Score: 1, Insightful

    Rich also chided Apple for leaving such a major hole unpatched for so long.

    Yeah, Apple, a meager market share (not accounting for cost per unit of course) isn't an excuse to leave stuff like this busted. I hereby CHIDE you!

  5. Just turn off Java by Anonymous Coward · · Score: 5, Insightful

    Apple had previously advised users to turn off Java temporarily in their Web browsers

    Even after updating, I've found that's advice I can live with.

  6. Re:Apple is not a fan of Java by konohitowa · · Score: 5, Insightful

    Yeah. Those losers should stop running their iTunes store with Java. Lame Java haters!

    http://en.wikipedia.org/wiki/WebObjects No, I didn't just edit it, but I suppose it's ripe for vandalism now.

    Not like your conjecture is without merit. I mean, what can explain their slowness in Java porting? I wish I knew. It's a real annoyance.

    To be mildly fair, us mere mortals aren't getting WebObjects updates anymore, but they don't seem to be slowing down their usage of it at iTunes & the Apple store and dev sites. Perhaps they're going to migrate more things to SproutCore once BitBurger et al gets released. Although that doesn't provide them with a back-end, and I'm not utterly convinced that RoR is up to the demand, inclusion in OS X notwithstanding. If only more Erlang/Mnesia would roll out.