Java vulnerabilities?

Discussion in 'macOS' started by Azathoth, Oct 16, 2010.

  1. Azathoth macrumors 6502a

    Joined:
    Sep 16, 2009
    #1
  2. MisterMe macrumors G4

    MisterMe

    Joined:
    Jul 17, 2002
    Location:
    USA
    #2
    Java is an integral part of MacOS X. Apple provides the updates to Java via Software Update. It is interesting that you look to a Mozilla website as an authority. Firefox and other Mozilla browsers include their own Java VM [developed by Symantec, IIRC]. However, the Mozilla JVM lags behind Apple's. This is why the Javaplugin Project developed the Java Embedding Plugin. It allows Mozilla browsers to access the Apple JVM.
     
  3. Azathoth thread starter macrumors 6502a

    Joined:
    Sep 16, 2009
    #3
    Current Java is 6 update 22 for most platforms (http://www.java.com/en/download/manual.jsp#apple), my system is reportedly running Java 6 update 20 (http://www.java.com/en/download/help/testvm.xml) - there have been a number of security fixes in update 22. That is why I am wondering if this is a potential security issue.
     
  4. wrldwzrd89 macrumors G5

    wrldwzrd89

    Joined:
    Jun 6, 2003
    Location:
    Solon, OH
    #4
    Security issues do indeed exist in the latest Java version for Mac OS X. Apple is working on an update - as evidenced in their developer site (free registration required). However, the update only brings Mac OS X Java 6 to u21 currently. I firmly believe that Apple will integrate the u22 changes into the update that they are currently working on, though.
     
  5. Azathoth thread starter macrumors 6502a

    Joined:
    Sep 16, 2009
    #5

    Thank you.

    Because Apple do their "own" version of Java, I was wondering if the Java vulnerabilities are also applicable to OS X. Seeing as it reports itself as Java 6u20, I guess so. Oh well, hopefully OS X's sandboxed model (with FF & NoScript) will protect me till the update :)
     
  6. luci747 macrumors newbie

    Joined:
    Jan 12, 2011
    #6
    According to a Microsoft blog, Java is vulnerable until the latest update 23. One of these vulnerabilities also affects MacOS X.
    http://blogs.technet.com/b/mmpc/archive/2010/10/18/have-you-checked-the-java.aspx

    "CVE-2008-5353 3,560,669 1,196,480 A deserialization issue in vulnerable versions of JRE (Java Runtime Environment) allows remote code execution through Java-enabled browsers on multiple platforms, such as Microsoft Windows, Linux, and Apple Mac OS X."
     
  7. Winni macrumors 68030

    Winni

    Joined:
    Oct 15, 2008
    Location:
    Germany.
    #7
    I think you are mistaken. Firefox and others contain their own implementation of JavaScript, but that has NOTHING to do with Java the language or Java the platform/VM. All web browsers require a platform-specific installation of Java when you visit a Java-enabled website, and Firefox on Mac definitely launches Apple's Java VM when you navigate to a Java website.

    Since Apple officially deprecated its own Java implementation (and used to be awfully slow with updating the VM even when it was still officially supported), this is now just another security hole in OS X that probably won't ever be closed.
     
