Apple lags on Java security fix in OS X
While Apple's safety record is pretty good--that is to say the actual number of security breaches on the platform is small--it still has some work to do in terms of its reputation for security. The company is often close-mouthed about its process for dealing with security fixes, and though it does issue updates throughout the year, vulnerabilities sometimes go unpatched for months at a time.
Case in point: a Java vulnerability first patched by Sun over six months ago that's still open in Mac OS X. Despite the recent security fixes in 10.5.7, this issue has still not yet been fixed in OS X.
While Java isn't one of Apple's own homegrown systems, it's included by default with OS X, and in such a situation Apple is still responsible for rolling out fixes from third-party vendors when they become available. Java, in particular, is important for several reasons. For one, as stated, it's installed and active by default in OS X; for another, its cross-platform, near ubiquitous nature makes it a tempting target for hackers; finally, it's usually accessible via a Web browser, putting even the average user at risk.
The particular vulnerability in question is rather technical--if you're interested in the details, you can check out this blog post by Sami Kovu, who discovered the flaw. The upshot, however, is that a Java applet loaded in your Web browser could execute arbitrary code with your current permissions. Noted Mac OS X developer Landon Fuller has a proof of concept of the bug on his site; he also offers some steps that Mac users can take to help protect themselves: specifically, disable the "open 'safe' files after downloading" in Safari (which is pretty much always a good idea) and turn off Java support in your Web browser.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
mac
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
