Slashdot Mirror


Apple Nabs Java Exploit That Bypassed Disabled Plugin

Trailrunner7 writes "Apple on Thursday released a large batch of security fixes for its OS X operating system, one of which patches a flaw that allowed Java Web Start applications to run even when users had Java disabled in the browser. There have been a slew of serious vulnerabilities in Java disclosed in the last few months, and security experts have been recommending that users disable Java in their various browsers as a protection mechanism. However, it appears that measure wasn't quite enough to protect users of some versions of OS X."

2 of 97 comments

  1. Java and flash... by sdsucks · Score: 4, Insightful

    Incredibly, still the biggest shit on the internet.

    Too bad, as a language I actually like Java. Flash is crap though, always was, always will be.

    1. Re:Java and flash... by JDG1980 · Score: 4, Insightful

      Windows could have been sandboxed too, making it impossible to edit system files or access files outside the installation directory. Also, autobooting at start should be something only the user can choose and can't be automatically checked. This would have rendered most viruses useless. This should have been done circa 1995-98 when the Internet was just going mainstream.

      The problem is that circa 1995-98, the average home PC simply wasn't powerful enough to handle this kind of sandboxing while maintaining acceptable performance. Windows 9x basically ran on bare metal (one bad app could easily bring the whole system down) and there was no such thing as security. It was crude, but it was the best you could do on a Pentium 100 with 8 megs of RAM (16 if you were lucky). A modern smartphone leaves these old systems in the dust. The Windows NT series has a Unix-style security model, though it was undermined by the need for backwards compatibility, which forced regular users to run as administrator (UAC was a belated attempt to fix this). But this also means that NT needs a faster processor and a lot more RAM than 9x. The first home version of Windows based on the NT kernel was XP, and people were all up in arms about its "outrageous" system requirements back in 2001.

      Nowadays, you can usually get away with running as a limited user and escalating only when installing or updating a program from a trusted source. I agree that sandboxing could be more sophisticated than it is on Windows, but this isn't a unique flaw; in fact, it's a result of copying the outdated Unix security model, which assumes that the program is the user and would do roughly what the user wanted (maybe true in the 1970s on shared university systems, but obvious nonsense now).