I agree that OS/X is a harder target for malware than Windows, because OS/X is a better OS.

Ha - just open Console.app and see those double free()'s and other fun stuff flying by if you understand what I mean. Point is that there is no acceptable proof that OSX is more secure than Vista or Win7 or Linux for that matter.

You never "claim" security, you only keep doing your best to "achieve" security for it's like the battle against flu - before you declare success against a trace of flu there is a new trace born somewhere that just blows away all the existing defenses.
 
I wish I could say I was shocked at the defense of Apple against this exploit in this thread but I can't.

I don't think you people understand how serious this really is.

Any website you go to can now easily gain access to your computer. You don't need to download anything, you don't need to enter your password, you don't need to click anything.

Somebody in this thread has proved already how easy it is to change this exploit to DELETE FILES (or run any other command). That's just the beginning. Anybody saying it's not a big deal needs a reality check. JAVA IS ENABLED BY DEFAULT IN SAFARI ON OS X and ANY WEBSITE CAN NOW EXPLOIT THIS *EASILY* and gain the same level of privileges on your computer that you have.

People are likely writing malicious code to exploit this right now. Any page you go to could delete all of your personal files, or WORSE. If you haven't already done so: DISABLE JAVA and tell every Mac user you know to disable Java.

I'm really starting to think this might even be a good thing in the long run if this exploit blows up in Apple's face.

It might snap them back to the here and now, bring them down a notch or two and stop dreaming too much about tomorrow. It would only be healthy, they've been neglecting things with the Mac-side of Apple with the iPhone getting all the attention and care.
 
It's a little sneaky but somebody should edit the exploit to run the "defaults" command to disable Java in Safari (and Firefox if possible).
 
Nope

I just checked s/w update and got a Java software update for OS X...

Interesting filesize (mine is over 140MB)

p.s. I have the latest browser plug-in (Java Embedding Plugin 0.9.7.1) and dev update preview 4 from ADC installed and I'm still vulnerable, but I never enable Java anyways.
 
It's only available to ADC members.

I installed the Developer Preview dated April 23, 2009 from the ADC, and the bad news is the bug is still there. The proof of concept works, and I verified I have the Developer Preview version installed from the version numbers. Sad sad sad.
 
I'm not really sure how to rate this news article.

I could rate Positive because Landon Fuller is really trying to bring the issue to everybody's attention. But then I could rate Negative because Apple still hasn't resolved this issue.

Hmm... decisions, decisions.

Ha...yeah. And then you could rate it positive if you're happy that it appeared on MacRumors, and negative if you feel it should not have been.

I've never known how to interpret those ratings.
 
I installed the Developer Preview dated April 23, 2009 from the ADC, and the bad news is the bug is still there. The proof of concept works, and I verified I have the Developer Preview version installed from the version numbers. Sad sad sad.

You're right. That is sad.

So where in the hell did that mysterious update go? WTF?

If the ADC member only Java update doesn't patch the hole, then there is no Java update available from Apple that fixes this issue. Not yet at least...
 
I agree that OS/X is a harder target for malware than Windows, because OS/X is a better OS.

But I am of the opinion that malware is so prevalent not because Windows is an easier target, but because it's a much-much bigger target (still).

If I'm a l33t h4x0r out to harm folks, and have to choose between OS's to target then I'll choose the most used one.

Unix has always been superior to Windows spaghetti-code by an order of magnitude.
 
Unix has always been superior to Windows spaghetti-code by an order of magnitude.
______________

At the current rate, Apple could immediately cease OS development for a decade and still be ahead of Microsoft in the operating systems "race."

If you are comparing Win9x to UNIX, that's not far from the mark.

For Windows NT systems, however, UNIX (especially Linux) is still struggling to add some basic features that are part of NT.

Your comments are those of a fanboi - you say "Apple is better" without understanding where Windows really is.

Win9x, though - is the Windows from the last century. You need to look at Windows 6.0 and Windows 6.1 when you make such claims.
 
Unix has always been superior to Windows spaghetti-code by an order of magnitude.

What Windows "spaghetti-code" have you seen? For that matter, do you even know what spaghetti-code is? Like most people here, I much prefer OS X to anything out of Redmond, but you're just spreading FUD here.

Despite what you seem to think, Apple is far from perfect. This particular exploit should have been patched months ago. Unfortunately, this is routine behavior from Cupertino. In 2007, I found an easily reproducible (as a non-admin user, no kernel extensions) kernel panic in 10.5, provided Apple with a complete description and kernel core dumps, and still the bug wasn't fixed for more than a year.
 
That is actually a ridiculously clever idea. :)

Meanwhile, I'm turning off Java as soon as I get home.

If anyone is willing to test it, I'd be willing to write it. (I don't have a Mac OS X box accessible at the moment.)

PM me if you are.
 
I'm really starting to think this might even be a good thing in the long run if this exploit blows up in Apple's face.

It might snap them back to the here and now, bring them down a notch or two and stop dreaming too much about tomorrow. It would only be healthy, they've been neglecting things with the Mac-side of Apple with the iPhone getting all the attention and care.

Amen!

:apple:
 
One site associated with my school uses Java (don't ask me why). Should I turn Java on when I need to visit that site? I'm pretty sure they won't have some malicious code, but you can never be sure, can you?
 
No one uses Java, why waste time fixing something you don't use?

Because it is enabled by default in all major browsers, therefore anyone who uses the web is at risk. All it takes is for someone to go to a malicious website and their computer can be compromised.
 
No one uses Java, why waste time fixing something you don't use?

Why lock your front door when nobody is going to go around feeling them all anyway? You probably live in a good enough neighborhood, right? :rolleyes:

Don't you mean Snooze "ten"?

Where do you think Apple's OS will be, claiming security and then this blows up somewhere bad? Think I'll keep the "Ex" until it's fixed at least!

Which still doesn't make it funny . . .

Dark ironic humor is a rare thing I know. Please don't feel sad. :D
 
People get tired of hearing "the sky is falling" over Apple's lack of real security concerns. Eventually, someone will be right and the flood of "I told you so"s will crush the life from us.

In the meantime, let's hope the bug gets corrected soon.
 