Toggle sidebar Toggle sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Java Plug-in Flaw

The plug-in vulnerability raises the stakes, because it opens the possibility of infecting any operating system--Microsoft Windows, Linux and Apple Computer's Mac OS X--on which Sun's Java component can run.
Click to expand...

Doesn't OS X use Apple Java instead of Sun Java? If you try to install Sun Java, it just directs you to Apple's site. I did notice, however, that further down the article it says that the security hole hasn't been confirmed on OS X.
 
Nermal said:
Doesn't OS X use Apple Java instead of Sun Java? If you try to install Sun Java, it just directs you to Apple's site. I did notice, however, that further down the article it says that the security hole hasn't been confirmed on OS X.
Click to expand...

The article I read last week said that Mac OS X was not vulnerable, so I'm not sure what's happening with it. However, considering how you need an extra browser plug-in to use Java with something other than Safari, it might be trouble to run an exploit on Mac OS X.
 
Apple's Java is based on the Sun code. I don't know if it has the security bug or not.

I assume that Apple will release an update when Sun updates their code.

As for the plugin, that's usually just a trivial interface plugin to let generic browsers use the system-provided Java environment. Browsers that use plugins for Java (everything other than Safari, it seems) should all be using the same Java environment as those that directly access the Java component of OS X (only Safari, AFAIK.)
 
So much for the much vaunted sandbox. A few lines of Javascript and it's gone. It's not the fact that there's a security hole, but that there is so obvious a one - Sun must really not give a damn. I am going to disable Java in all my browsers now and forever. Sun, you are total losers.
 
broken_keyboard said:
So much for the much vaunted sandbox. A few lines of Javascript and it's gone. It's not the fact that there's a security hole, but that there is so obvious a one - Sun must really not give a damn. I am going to disable Java in all my browsers now and forever. Sun, you are total losers.
Click to expand...
Wow, um, overreaction to the nth degree. It's a flaw, not an in-the-wild exploit. This isn't causing worms to traverse the Internet, propagating themselves and destroying computers in their wake. It's about as "critical" as the much over-hyped MP3 "virus" (read: scam) for OS X several months ago. The code will be updated, we'll get a Software Update if it's really an issue, and the whole thing will blow over.
 
Cless said:
Wow, um, overreaction to the nth degree. It's a flaw, not an in-the-wild exploit. This isn't causing worms to traverse the Internet, propagating themselves and destroying computers in their wake. It's about as "critical" as the much over-hyped MP3 "virus" (read: scam) for OS X several months ago. The code will be updated, we'll get a Software Update if it's really an issue, and the whole thing will blow over.
Click to expand...

If you can disable the security manager like it says, then you have full access to the Java class library from your Applet. So that's a pretty big exploit. For example the Applet could get a list of documents in your home directory and email them off. Better not have anything private in there!
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back