Apple lags on Java security fix in OS X
While Apple's safety record is pretty good--that is to say the actual number of security breaches on the platform is small--it still has some work to do in terms of its reputation for security. The company is often close-mouthed about its process for dealing with security fixes, and though it does issue updates throughout the year, vulnerabilities sometimes go unpatched for months at a time.
Case in point: a Java vulnerability first patched by Sun over six months ago that's still open in Mac OS X. Despite the recent security fixes in 10.5.7, this issue has still not yet been fixed in OS X.
While Java isn't one of Apple's own homegrown systems, it's included by default with OS X, and in such a situation Apple is still responsible for rolling out fixes from third-party vendors when they become available. Java, in particular, is important for several reasons. For one, as stated, it's installed and active by default in OS X; for another, its cross-platform, near ubiquitous nature makes it a tempting target for hackers; finally, it's usually accessible via a Web browser, putting even the average user at risk.
The particular vulnerability in question is rather technical--if you're interested in the details, you can check out this blog post by Sami Kovu, who discovered the flaw. The upshot, however, is that a Java applet loaded in your Web browser could execute arbitrary code with your current permissions. Noted Mac OS X developer Landon Fuller has a proof of concept of the bug on his site; he also offers some steps that Mac users can take to help protect themselves: specifically, disable the "open 'safe' files after downloading" in Safari (which is pretty much always a good idea) and turn off Java support in your Web browser.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
mac
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.













