Apple Fixes Java Vulnerabilities

By the Betanews Staff | Published April 19, 2006, 3:58 PM

Apple has issued a security update to patch a potential vulnerability within Java affecting Mac OS X 10.4.5. A specially crafted application could bypass built-in security and allow access to system files by an intruder. The problem is located within Java Web Start, which loads Java applications over the Internet.

Also, other bugs within the Java runtime that pose a potential security risk were also fixed as part of the update. Mac OS X is not the only operating system affected by the issues. Windows, Solaris and Linux are also vulnerable. In February, Sun issued an advisory warning of both flaws, and said at the time that no reports of attackers exploiting the issues had been received.

Comments

Hmm, I thought that was the reason to use Java in the first place because stuff like this couldn't happen? I guess nobody bothered to check the loaders sandbox.

DOH!

Score: 0

|

Funny--no msjava vulnerability exploits anymore--only Sun Java. I find that interesting...

Score: 0

|

That's because there is no MS Java anymore. Sun took care of that via the legal system when MS intentionally horked it's Java implementation, in direct viloation of their Sun contract, to advance its' own C# initiative. The thought was if they could prove to users that Java was a buggy language, then they could easily sell them on the idea of wanting C# implementations done for them instead of Java.

Ka-CHING!!!

Score: 0

|

Well--msjava still exists on my pc. Instal windows xp WITHOUT any service packs slipstreamed, then install sp2--bada-boom bada-bing...

Score: 0

|

Yeah, same here. I actually prefer MS Java VM to Sun's Java runtime bcos MS Java VM is much faster.

Anyway, this article only proves once again that nothing is secure. MacOS + Sun Java --> not secure either (although arguably more secure than Windows).

Score: 0

|

..... lol ....
where are the fanboys now ???

Score: 0

|

First, read the article...
But just in case you missed it it says

"Mac OS X is not the only operating system affected by the issues. Windows, Solaris and Linux are also vulnerable. In February, Sun issued an advisory warning..."

Wow... a vulnerablility in a 3rd party Java plugin that affects Windows, Solaris, OSX and Linux, WOW!

That vulnerability pretty much affects everyone so read before you start pointing the finger and starting the "my OS is better than yours" bullsh*t

Score: 0

|

Rather then simply focusing on the Java deficiency that effects all of the platforms, it seems the real focus is on the response to the common threat. And it seems that while Sun has issued an advisory (I guess it's nice to know that you are exposed!), ONLY Apple has thus far posted a fix for the vulnerability!

Let's see, MS can't get Vista to run under EFI and subsequently kills support for it in Vista - despite EFI being out x86 for only 8 years now, and now Apple is the first to develop a fix. If anything, the Apple developers seem to have a few steps up on the folks in Redmond.

Rather then seeing this article as focusing on Apple and a software deficiency, it seems that the correct focus is on Apple's being first to remediate the situation.
;-)

Score: 0

|

You are forgetting that Windows has a 90% or so marketshare. Every single patch that they release has to go through 10 times as much QA as others. Also, Windows is being used by most enterprises. The same cant really be said of MacOS.

This makes it even more important to ensure that a patch does not cause any side effect.

Even then, they still screw up once in a while. Although most of the time, you dont hear system admins complaining about certain MS patch screwing up their systems.

Score: 0

|

Before it can tackle Windows, Chrome must leave Safari in the dust

It's a little browser with dreams of becoming a bigger operating system some day. But while it's chasing Microsoft's dreams, Chrome's tail is being chased by Apple.

Silverlight 3 goes live on Microsoft's servers

Microsoft's answer to Adobe's Flash is (unofficially) here, with prospects of higher-speed, higher-resolution video and for the first time, 3D.

Best Buy-brand TVs to get TiVo

A new alliance will place the retailer's own brand alongide the manufacturers, and could also lead to future partnerships on services.

Three Android phones on the way from T-Mobile in 2009

T-Mobile's myTouch 3G, launched Wednesday, will be followed by two more Android phones later this year, but neither of them will be HTC's Hero.

LTE still lacks a voice

The 4G Wireless standard that Verizon hopes to show off before this year is out is still at a loss for (spoken) words.

T-Mobile's strategy to combat Apple's iPhone with Android

With a trio of Android phones now in the pipeline for 2009, T-Mobile hopes to break the iPhone's emerging stranglehold.

EC's Reding: Government should act as broker for media downloads

If Internet media services don't step up and build an attractive way for users to start paying for downloads, a commissioner says, government may do the job instead.

Sony TVs get Netflix, still no PS3

Though it's coming in behind LG, Samsung, and Microsoft, Sony will begin to offer Netflix streaming, too.

Google Chrome OS: Too little, too early

Carmi Levy: Wide Angle Zoom Don't start the revolution just yet, says Carmi, who isn't so certain Chrome OS will be the "Windows Killer."

GAO pen test brings the hammer down on federal rent-a-cops

But are the computers to blame for the contract-guard fiasco at FPS?

What's Next: Chrome OS will have at least some friends in high places

Also: South Korea takes another round of DDoS abuse, and Neelie Kroes and Steve Ballmer may shake hands before she exits stage left.

Data sharing among online advertisers: Is sanity in sight?

Lockdown with Angela Gunn In the middle of a 15-page plea not to get regulated, a spark of smart thinking.

PST Recovery Software 12.0

July 9 - 11:34 PM ET

Unistal Data Recovery 12.08.06

July 9 - 11:09 PM ET

BKF Repair 3.0

July 9 - 10:54 PM ET

Vuze for Windows 4.2.0.4

July 9 - 6:26 PM ET

UltraVNC 1.0.6.4

July 9 - 6:05 PM ET

WildBit Viewer 5.5 Beta 3.0

July 9 - 5:44 PM ET