Actively exploited, no patch, months after the Boys From Redmond jumped to. All you Windows fanboys can stop smirking at the Mac crowd, please.More than six months after Sun Microsystems warned that a flaw in its Java virtual machine made it trivial for attackers to execute malware on end users' machines, the vulnerability remains unpatched on Apple's Mac platform.
Most other operating systems, including Windows and major Linux distributions, fixed the bug months ago. That's a good thing given it is actively being exploited in the wild.
Java is the programming language from Sun Microsystems that runs on pretty much any device you see. This means that it's not your run-of-the-mill security problem:
"This bug, and others like it, are essentially 'write once, own all' type deals," Immunity researcher Bas Alberts wrote in an email to The Reg. "So yeah, they're fairly interesting to people on the offense side of the fence."Note to Apple engineering: stop drinking the kool-aid and patch the bug, please. Sheesh.
Those of you with Macs, you're on your own until Apple takes care of business. Here's what you do:
- Mac OS X users should disable Java applets in their browsers and disable 'Open "safe" files after downloading' in Safari.
- Soylatte users running untrusted code should upgrade to an OpenJDK6-based release, where possible. No future releases of the JRL-based Soylatte branch are planned at this time. If this is an issue for you, please feel free to contact me.
- No work-around is available for users otherwise running Java untrusted code.
2 comments:
I can't remember the last time I went to a web page or loaded an app that was Java based.
Srsly, It's been years.
What do you do with Java?
Anon, a lot of apps seem to be Java based. New stuff is AJAX, from what I see, but the old saying applies:
"The only way that the Lord could create the entire heavens and the earth, is because He had no installed base to support."
Post a Comment