Slashdot Mirror
Apple Finally Patches Java Vulnerability
macs4all writes "Apple has finally addressed the Java vulnerability that nearly everyone else patched months ago. Available now for OS X 10.4 and 10.5, and through Apple's Software Update service, this update patches a flaw in the Java Virtual Machine that could potentially allow a malicious Java applet to execute arbitrary code on the machine. Apple had previously advised users to turn off Java temporarily in their Web browsers."
It is truly sad that Apple still just don't "Get" security. Makes me a sad panda to think it is going to take some sort of devastating worm or virus for them to finally wake up and smell the shit they are pumping out.
...and this means that we can expect Vic20_love to come along any moment now and complain that his OS X 10.1 machine from 19-dickity-6 doesn't have a patch out yet, so Apple sucks.
Not that Apple doesn't suck, but you don't really need to troll for reasons.
(Bye, karma, nice knowing you...)
--saint
That's because it does!
Even after updating, I've found that's advice I can live with.
Do you work for Apple? Cause if your attitude is in any way related to theirs, I'll skip using their software thanks. "I can run anything on your harddrive" is trivial to leverage to "I can execute anything I want". Even the dumbest hacker can figure it out. Clearly you're dumber.
How we know is more important than what we know.
Had this been a post about Microsoft instead of Apple, I'd imagine there'd be a lot of "ha ha micro$0ft sucks" posts now.
Instead, there's a lot of "ha ha Apple sucks" posts, as one would expect since the story's about Apple and not MS.
I agree with this post. As a Mac owner I am glad, for whatever reason, viruses are of no concern to me. On my work computer my employer can spend whatever they want to support XP (and it is a great deal of money). But at home I get to relax, and ignore the issue completely.
They've been apple's problem since they took over porting java to the mac, and prevent sun from writing their own java for mac.
Apple Guy "Halt who goes there"
Black Haxor "It is I the black haxor, I seek the finest computer coders to join me in my quest"
Apple Guy " You shall not pass"
Black Haxor "What ?"
Apple Guy "Non shall pass"
Black Haxor "I have no quarrel with you, good sir, but I must move on"
Apple Guy "Then you shall first install photoshop and make an offering at the alter of Steve and promise to buy hardware at twice the price from the lords of apple".
Black Haxor "I command you to stand aside! for I am the Black Haxor"
Apple Guy "I move for no man for I am impervious to all your tricks for I run OSX"
Black Haxor "So be it"
[Black Haxor pulls out his laptop and starts to type]
[HAH]
Apple Guy "What have you done ?"
Black Haxor "I have exploited a java script bug on your system and signed you up as the local leader for the "Pedo's Rights" association and then passed the details on to the the local parents and teachers group"
Apple Guy "what is this trickery, for such is impossible, you lie"
[a rabble of middle aged parents turn up]
Crowd "THERE HE IS, GET HIM!!"
Apple Guy "BAH! Tis but a lie"
Black Haxor "run man, they weld clubs and carry petrol containers and mean harm upon you"
Apple Guy "They do not wish me harm as my laptop colour matches my shoes, thus they come to tell me how great my karma is"
[15 minutes later the Black Haxor is staring at a smoldering pile on the ground]
Black Haxor "Sigh"
[Crosses bridge]
Normally I absolutely agree. Most vulnerabilities are overhyped. Not this one though. Read this article and click the link to a page that runs /usr/bin/say on your unpatched machine.
http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html
Yeah. Those losers should stop running their iTunes store with Java. Lame Java haters!
http://en.wikipedia.org/wiki/WebObjects No, I didn't just edit it, but I suppose it's ripe for vandalism now.
Not like your conjecture is without merit. I mean, what can explain their slowness in Java porting? I wish I knew. It's a real annoyance.
To be mildly fair, us mere mortals aren't getting WebObjects updates anymore, but they don't seem to be slowing down their usage of it at iTunes & the Apple store and dev sites. Perhaps they're going to migrate more things to SproutCore once BitBurger et al gets released. Although that doesn't provide them with a back-end, and I'm not utterly convinced that RoR is up to the demand, inclusion in OS X notwithstanding. If only more Erlang/Mnesia would roll out.
As a Mac owner I am glad, for whatever reason, viruses are of no concern to me.
...
But at home I get to relax, and ignore the issue completely.
Until the day you can't. I am sorry, but you make me want to troll the net for the next security issue that is resolved in Linux and/or Windows, but Apple drags their feet on (again). Then I can use it to F with people like you. Your confidence comes from your ignorance.
.... full of crap."
Here is the sad truth, Both the Linux/BSD communities and Microsoft take security more seriously than Apple.
Apply repeatedly leaves a lot of holes open longer then they should be. I am thinking iTunes may present a nice target vector, but there have been so many in the past and I am sure there will be more in the future.
I can see the HP/MS commercial now during the Superbowl next year:
PC - "Hi, I'm a PC"
MAC - "and I'm
PC - "Oh, MAC. While your designers were working to change your outsides from white to aluminum they didn't have time to patch the latest security threats to your OS."
MAC - "All my music, all my pictures and all my home movies, gone, the worm even reformated my Time Machine drive and replaced restore points with pointers to an image of a piece of shit and a burning NEXT cube."
PC - "Well, MAC, you like to talk a big game, but you are not good at playing the big game. So let everyone go back to those who can; first with the guys in Superbowl 44 and then with Windows 7 on their next laptop."
Respect the Constitution
It worked for me after I quit my running browsers.
The CB App. What's your 20?