Apple Released Java Security Update for Mac OS X (April 19th, 2006): The Java 2 Standard Edition 5.0 Release 4 update, issued Monday, fixes a vulnerability in Java Web Start. An application exploiting the vulnerability may grant itself permissions to read and write local files that are accessible to the user running the Java Web Start application.
US Department of Homeland Security Wants You To Update Windows (August 10th, 2006): I have never seen them so concerned about computer vulnerability from Microsoft Windows software. Everyone knows Windows OS is vulnerable by default.
Apple Fixes Hole in Mac OS X With Security Updates 2009-003 (August 6th, 2009): For years now, Apple had been bragging about its virtually impregnable OSes. It's high time that the Cupertino company stand up to its words.
How to Freely Download iPhone OS 3.1.2 Firmware Update (October 9th, 2009): Apple has released the latest firmware for iPhone OS. The new version, iPhone OS 3.1.2, is available for iPhone, iPhone 3G, iPhone 3GS and iPod touch.
Oh No! Yet Another WordPress Fix to a Fix to a Fix to a Fix (May 28th, 2005): The WordPress team has come up with yet another security fix (1.5.1.2), which fixes the fix (1.5.1.1), which fixes the fix (1.5.1), which is a fix for undisclosed security defects in WordPress 1.5. Update: Now it should read: The WordPress team has come up with yet another security fix (1.5.1.3), which fixes the (yet another undisclosed security risk) fix (1.5.1.2), which fixes the fix (1.5.1.1), which fixes the fix (1.5.1), which is a fix for undisclosed security defects in WordPress 1.5.
WordPress 2.0.4 Security Update Released (July 31st, 2006): WordPress 2.0.4 is available for download. This release contains several important security fixes, so it's a recommended upgrade for all users.
Ruby on Rails Releases Yet Another Emergency Security Upgrade - 1.1.6 (August 11th, 2006): Rails has taken the right route and gone for full disclosure, unlike, for example, the WordPress team, which still believes in the flawed concept of security by obscurity. After a full assessment of the security vulnerability (details below), the Rails team decided they needed yet another emergency patch to fully close the hole.
Linux Worm Exploits PHP XMLRPC Vulnerability (November 9th, 2005): There are a few reports of an attack by a new Linux worm called Lupper, which exploits a well-known PHP XMLRPC implementation vulnerability. The PHP XMLRPC implementation is used in a large number of popular web applications such as PostNuke, Drupal, b2evolution, Xoops, PHPGroupWare, TikiWiki, etc.
Ubuntu Releases Thunderbird Patch for Highly Critical Vulnerabilities (May 3rd, 2006): The security vulnerabilities addressed are: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information and Denial of Service. Ubuntu has issued an update for Thunderbird.
Serious Security Vulnerabilities of WordPress 1.5.1.2 and below (July 5th, 2005): WordPress is a very popular personal publishing platform aka blogging platform (with a primitive CMS) in use all over the web. There are a number of serious security vulnerabilities in WordPress that may allow an attacker to ultimately run arbitrary code on the vulnerable system.
PHP XMLRPC Remote Code Execution Vulnerability affecting Popular Blogging and CMS Platforms like WordPress 1.5.1.2 (and lower), PostNuke, Drupal, b2evolution, TikiWiki, etc. (July 5th, 2005): PHPXMLRPC, aka XML-RPC For PHP, is a PHP implementation of the XML-RPC web RPC protocol, and was originally developed by Edd Dumbill of Useful Information Company. As of the 1.0 stable release, the project has been opened to wider involvement and moved to SourceForge.
WordPress 2.5 Released: Will WordPress 2.5 Be The First Problem Free Major Version? ... Maybe Not (March 29th, 2008): Every major & minor version of WordPress (1.5, 2.0, 2.1...) comes with teething problems which are then fixed in patch releases. Will the WordPress 2.5 release finally break the curse? Maybe not...
If you are using IE, a hacker can take control of your machine: Microsoft (July 6th, 2009): SAN JOSE, Calif. — Microsoft Corp.
Serious Security Hole in Ruby on Rails (August 10th, 2006): A serious security concern in Ruby on Rails has forced the Rails team to come up with release 1.1.5, without waiting for the scheduled release of 1.2. David from the Ruby on Rails team says:
This is a MANDATORY upgrade for anyone not running on a very recent edge (which isn’t affected by this).
Mambo / Joomla SQL Injection Vulnerability Discovered (August 28th, 2006): Omid has discovered a vulnerability in Mambo & Joomla, which can be exploited by malicious users to conduct SQL injection attacks. Input passed to the "id" parameter when editing content isn't properly sanitised before being used in a SQL query.