walter_f
9 Month Old Critical Java Vuln. Still Not Patched in Mac OS X
posted by Thom Holwerda on Tue 19th May 2009 22:20 UTC
Six months ago, a certain security flaw in Java was fixed by Sun. This flaw was present in OpenJDK, GIJ, icedtea and Sun's JRE, but it got fixed in those. There's one important shipping Java implementation that still has not been fixed to remove this security flaw: Apple's Java.
This bug is pretty old, first reported to Sun in August last year. While most operating systems have mostly been patched by now, because they use Sun's JRE or any of the other fixed implementations, Apple's implementation still hasn't been fixed (not even in last week's 10.5.7 update).
...
"In general Apple has been a little slower to apply upstream security updates in Java," said Dino Dai Zovi, an independent security researcher and co-author of The Mac Hacker's Handbook, "Whenever basically they're lagging behind a vulnerability that's out and known, it's pretty significant. Potential hackers don't have to discover anything new; they can use a vulnerability that's already released."
For now, the best idea is to disable Java while on Mac OS X, and wait for Apple to get its act together on this one.
http://www.osnews.com/story/21522/9_Month_Old_Critical_Java_Vuln_Still_Not_Patched_in_Mac_OS_X
Walter.