Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Finally Patches Java Vulnerability

Posted by kdawson on from the gentlemen-restart-your-sandboxes dept.

macs4all writes "Apple has finally addressed the Java vulnerability that nearly everyone else patched months ago. Available now for OS X 10.4 and 10.5, and through Apple's Software Update service, this update patches a flaw in the Java Virtual Machine that could potentially allow a malicious Java applet to execute arbitrary code on the machine. Apple had previously advised users to turn off Java temporarily in their Web browsers."

9 of 177 comments (clear)

  1. Re:Old versions. by Anonymous Coward · · Score: 5, Informative

    ...and this means that we can expect Vic20_love to come along any moment now and complain that his OS X 10.1 machine from 19-dickity-6 doesn't have a patch out yet, so Apple sucks.

    Apple sucks for different reasons:

    Apple PREVENTS Sun (by contract) from releasing java patches. Mac users get their java patches whenever Apple feels like it and gets a round to it.

  2. Re:Old versions. by saintlupus · · Score: 5, Funny

    Really? You couldn't read the next line in my post? The one where I say that Apple sucks? You sat there, in the basement, veins straining in your forehead, lips moving dumbly, willing your way to the end of that first sentence and just ran out of steam?

    Well, good work on writing a reply, anyway.

    --saint

  3. Just turn off Java by Anonymous Coward · · Score: 5, Insightful

    Apple had previously advised users to turn off Java temporarily in their Web browsers

    Even after updating, I've found that's advice I can live with.

  4. Re:Slashdot Bias by node+3 · · Score: 5, Funny

    Had this been a post about Microsoft instead of Apple, I'd imagine there'd be a lot of "ha ha micro$0ft sucks" posts now.

    Instead, there's a lot of "ha ha Apple sucks" posts, as one would expect since the story's about Apple and not MS.

  5. Re:Java is now Apple's problem? by patman600 · · Score: 5, Informative

    They've been apple's problem since they took over porting java to the mac, and prevent sun from writing their own java for mac.

  6. The Black Haxor by EEPROMS · · Score: 5, Funny

    Apple Guy "Halt who goes there"
    Black Haxor "It is I the black haxor, I seek the finest computer coders to join me in my quest"
    Apple Guy " You shall not pass"
    Black Haxor "What ?"
    Apple Guy "Non shall pass"
    Black Haxor "I have no quarrel with you, good sir, but I must move on"
    Apple Guy "Then you shall first install photoshop and make an offering at the alter of Steve and promise to buy hardware at twice the price from the lords of apple".
    Black Haxor "I command you to stand aside! for I am the Black Haxor"
    Apple Guy "I move for no man for I am impervious to all your tricks for I run OSX"
    Black Haxor "So be it"
    [Black Haxor pulls out his laptop and starts to type]
    [HAH]
    Apple Guy "What have you done ?"
    Black Haxor "I have exploited a java script bug on your system and signed you up as the local leader for the "Pedo's Rights" association and then passed the details on to the the local parents and teachers group"
    Apple Guy "what is this trickery, for such is impossible, you lie"
    [a rabble of middle aged parents turn up]
    Crowd "THERE HE IS, GET HIM!!"
    Apple Guy "BAH! Tis but a lie"
    Black Haxor "run man, they weld clubs and carry petrol containers and mean harm upon you"
    Apple Guy "They do not wish me harm as my laptop colour matches my shoes, thus they come to tell me how great my karma is"
    [15 minutes later the Black Haxor is staring at a smoldering pile on the ground]
    Black Haxor "Sigh"
    [Crosses bridge]

  7. Re:Apple is not a fan of Java by konohitowa · · Score: 5, Insightful

    Yeah. Those losers should stop running their iTunes store with Java. Lame Java haters!

    http://en.wikipedia.org/wiki/WebObjects No, I didn't just edit it, but I suppose it's ripe for vandalism now.

    Not like your conjecture is without merit. I mean, what can explain their slowness in Java porting? I wish I knew. It's a real annoyance.

    To be mildly fair, us mere mortals aren't getting WebObjects updates anymore, but they don't seem to be slowing down their usage of it at iTunes & the Apple store and dev sites. Perhaps they're going to migrate more things to SproutCore once BitBurger et al gets released. Although that doesn't provide them with a back-end, and I'm not utterly convinced that RoR is up to the demand, inclusion in OS X notwithstanding. If only more Erlang/Mnesia would roll out.

  8. Re:maybe by jackspenn · · Score: 5, Interesting

    As a Mac owner I am glad, for whatever reason, viruses are of no concern to me.

    ...

    But at home I get to relax, and ignore the issue completely.

    Until the day you can't. I am sorry, but you make me want to troll the net for the next security issue that is resolved in Linux and/or Windows, but Apple drags their feet on (again). Then I can use it to F with people like you. Your confidence comes from your ignorance.

    Here is the sad truth, Both the Linux/BSD communities and Microsoft take security more seriously than Apple.

    Apply repeatedly leaves a lot of holes open longer then they should be. I am thinking iTunes may present a nice target vector, but there have been so many in the past and I am sure there will be more in the future.

    I can see the HP/MS commercial now during the Superbowl next year:

    PC - "Hi, I'm a PC"
    MAC - "and I'm .... full of crap."
    PC - "Oh, MAC. While your designers were working to change your outsides from white to aluminum they didn't have time to patch the latest security threats to your OS."
    MAC - "All my music, all my pictures and all my home movies, gone, the worm even reformated my Time Machine drive and replaced restore points with pointers to an image of a piece of shit and a burning NEXT cube."
    PC - "Well, MAC, you like to talk a big game, but you are not good at playing the big game. So let everyone go back to those who can; first with the guys in Superbowl 44 and then with Windows 7 on their next laptop."

    --
    Respect the Constitution
  9. Re:Old versions. by ThrowAwaySociety · · Score: 5, Informative

    ...Its not like Sun needs Apple in order to produce Java for the Mac.

    Sun did a JVM for the Classic Mac OS, and by all accounts it sucked. As in, it was barely usable. This is why Apple (contractually) locked Sun out of delivering Java on OS X. At the time, Apple was bullish on Java, and invested some considerable resources making OS X's JVM integrated into the rest of the OS.

    Unfortunately, Apple no longer gives a shit about Java, and it shows. But Sun is still locked out, as far as I know.

    Or is this like the graphics drivers where only Apple has access to the "secret bits" necessary for a JVM to do all the things that the current Mac JVM does?
    How hard would it be to just port OpenJDK/IceTea/whatever to Mac and be done with it?

    There already is. It's the only way to get Java 6 on PowerPC and 32-bit Intel Macs, or on 10.4.x

    Unfortunately, it relies on X11 for its GUI, which is generally a big non-starter on the Mac. Also, I don't believe it's possible to use it as the JVM for Java applets in a browser, probably for the same reason.