nothing here either

Since this has been known for a while, maybe this was included in 10.57

was it noted in the documentation?
 
nothing here either

Since this has been known for a while, maybe this was included in 10.57

was it noted in the documentation?



Nope, not included in 10.5.7 coz I'm running 10.5.7 and the vulnerabilities work on both Safari 4 beta and Firefox 3.5 beta 4. (I've now disabled Java).

I suppose the updates are being rolled out but it's odd that the articles linked don't actually work (???).
 
Except it wasn't major until today and they fixed it within hours. Good luck getting that kind of support from Microsux

Except they do. They have a lot more practice at it than Apple.

Can anyone confirm that the Java update listed above fixes CVE-2008-5353?
 
Apple dislikes Java, and is delaying a fix on purpose to discourage people from using Java on Apple platforms. There is no technical reason to be so slow with simple fixes. Apple is consistently the only firm more Microsoft than Microsoft.
 
The day has already been and passed. OS X has vulnerabilities... and they get patched. It's unfortunate that this one is there yes, but there's probably more than just this one right now waiting to be found.

I will however be curious to see how long it takes them to fix this now that it's more widely talked about.

Really? I have been using OS X for a while now and I have never had a problem. Didn't know that OS X has exploits like that. Does OS X have as many as Windows does??? LOL :apple:
 
Except it wasn't major until today and they fixed it within hours. Good luck getting that kind of support from Microsux

Apple's problem isn't necessarily whether there are vulnerabilities in OS X or how quickly they fix vulnerabilities, it's how they communicate about them.

While it's true that experience may have forced Microsoft's hand to respond, Microsoft does have a good system for dealing with vulnerabilities. The second Tuesday of every month they release a round of security updates and the week before they announce what vulnerabilities are being fixed so that people can plan ahead. They of course release updates sooner, if the vulnerability is critical. And if a vulnerability doesn't have an immediate fix, they often provide a temporary workaround until a patch is released and don't necessarily try to hide or ignore it. This is in contrast to Apple's arbitrary time length between security updates and that they are released with no warning.

Apple's current procedure may be sufficient now since OS X vulnerabilities are not widely exploited so there is less danger, but if Apple is going to make Microsoft the poster-child for software vulnerabilities then Apple should at least learn from Microsoft's experience. A more timely, regular, and well-communicated security update strategy can only be a good thing regardless of how secure OS X is.
 
Okay, when you run the test page you get asked to accept incoming connections and then the voice starts.

Now is the voice just in the small piece of Java OR is it running something on your mac?

If it's just in the java then do you need to physically click allow incoming connections for something to happen?
 
Amen to that. Why does Apple release its own Java updates? Does Sun not provide updates for OS X?

The only thing I can think of is Java is an API layer that's built into the OS. That may have something to do with Apple keeping Java up in OS X, but who knows! I kind of wonder the same thing? Why is it up to Apple to fix issues with a piece of software from another software vendor? No other OS creator is responsible for this, so why Apple? Microsoft doesn't have to patch Java issues. It's up to the end user to download the newest version. It should be the same for OS X users IMO. Even if Apple lets them utilize Software Update to push the updates out.

In a way I think this is part of the problem with Apple and software. Seems like they try to do everything. They sometimes (maybe all the time) develop drivers for the video chips they ship Macs with, now we have Java, possibly some kind of Flash/Shockwave implementation, etc. Apple shouldn't be expected to do everything.
 
Okay, when you run the test page you get asked to accept incoming connections and then the voice starts.

Now is the voice just in the small piece of Java OR is it running something on your mac?

If it's just in the java then do you need to physically click allow incoming connections for something to happen?

It's running the "say" command, in /usr/bin on your Mac. I assume the applet can be modified to run commands from other directories. Bad news in any case.
 
I've seen a nasty Mac trojan in the wild

I think it's more important that Mac users learn to stop running as an admin by default! There's no good reason for doing that, since OS X makes it brainless (and transparent) to invoke an admin username/password when necessary. If you're not running as an admin, the worst an exploit like this could do is hose stuff in your own account. That's still very bad; but it's less likely to allow installation of something like a keylogger, trojan or spyware without your knowledge. Besides, you all have current backups don't you? :p

I STRONGLY agree. I ran into a very nasty Trojan a few weeks back. It has changed my world. Nasty Mac malware DOES exist. I've seen it. If I had been running as admin I probably would never have noticed. The trojan would have installed some service and sat there listening for instructions.
Complacency is bad. Mac users think they're safe. Even after nasty malware has shown up.
 
It's running the "say" command, in /usr/bin on your Mac. I assume the applet can be modified to run commands from other directories. Bad news in any case.

True, but it can't bring down the system unless you are running as root.

The thing about ANY security is that it is geared toward protecting the machine, not the user data. I could honestly care less if my OS is compromised as long as my data is safe.
 
It's running the "say" command, in /usr/bin on your Mac. I assume the applet can be modified to run commands from other directories. Bad news in any case.

I wasn't sure if it was actually doing it or pretending to do what would happen if you clicked accept.

Either way, it's turned off now until it's fixed.
 
Really? I have been using OS X for a while now and I have never had a problem. Didn't know that OS X has exploits like that. Does OS X have as many as Windows does??? LOL :apple:

Ok, leave your door open and your keys in your car. You might be fine for days, weeks even. Give it a try... :)
 
I STRONGLY agree. I ran into a very nasty Trojan a few weeks back. It has changed my world. Nasty Mac malware DOES exist. I've seen it. If I had been running as admin I probably would never have noticed. The trojan would have installed some service and sat there listening for instructions.
Complacency is bad. Mac users think they're safe. Even after nasty malware has shown up.

Well I've been using a Mac for a couple months now, but don't you have to type in your password and tell the OS to install a program? As long as you aren't downloading from shady places *ahem* torrent files* then you should be fine.
 
MS has lots of Experience

Except they do. They have a lot more practice at it than Apple.

Yes, MS gets a lot of practice, and I'll guess they'll get some more with the below event being reported elsewhere on the web. :eek:

Hackers have wasted no time targeting a gaping hole in Microsoft's Internet Information Services webserver, according to administrators at Ball State University, who say servers that used the program were breached on Monday.

Microsoft declined to comment.
 
Disgruntled?

Landon Fuller "former Apple employee". Is there some animosity here? I realize he thinks he's doing the right thing, but it smells a little to me. I shouldn't judge, but I couldn't help but wonder why he is a "former" employee. Perhaps he went on to greener pastures, who's to say.

I realize the discussion and battle will wage on, but really, can anyone produce some real world examples of effective Mac malware? Aside from "I got a virus once on my Mac and it changed me forever" crap. I chalk most of the problems on the Windows side to stoopid users: they've been trained to click on dialogue after dialogue which is how a lot of crap ends up on their PCs.

What do I know, I just work in their world, play in mine :D
 
Sorry if that may sound rude, but you have been living under a rock, eh?

Check this out!

I know it's a trojan in pirated software, but the botnet is active, as there are hundreds of people not in the know. Just because the group is not as big as on the Windows side doesn't mean they don't do any harm.

We are on to rough times, and if Apple doesn't fix this stuff in a timely manner, I'm very shocked.

But was that Trojan specifically associated with the JAVA problem? I know Macs can get viruses too, I'm not that thick. :D But was that trojan the direct result of the original Java issue?

......and it appears Apple fixed the issue. Problem solved.
 