4866999
story
Posted
by
kdawson
on Monday June 15, @07:23PM
from the gentlemen-restart-your-sandboxes dept.
macs4all writes
"Apple has finally addressed the Java vulnerability that nearly everyone else patched months ago. Available now for OS X 10.4 and 10.5, and through Apple's Software Update service, this update patches a flaw in the Java Virtual Machine that could potentially allow a malicious Java applet to execute arbitrary code on the machine. Apple had previously advised users to turn off Java temporarily in their Web browsers."
Related Stories
SAD :( (Score:4, Insightful)
Re:SAD :( (Score:4, Funny)
Yes, they believe their own press.
Parent
Re: (Score:3, Informative)
What a load of bull.
Mac OS software takes special pride in its taste and aesthetics - something Java can never achieve.
And now as more users and developers focus on notebooks, resource hungry Java applications are again bad fit. Spinning cycles for nothing is forgivable on desktops and servers - not on notebooks.
The simple truth is that for Apple, Java was always and is a secondary/tertiary technology. What I heard from Linux's Java porters in past, Sun JDK/JRE is a total mess, demanding loads of
Re: (Score:3, Insightful)
"Mac OS software takes special pride in its taste and aesthetics - something Java can never achieve."
Nonsense, it just hasn't achieved it to date.
"And now as more users and developers focus on notebooks, resource hungry Java applications are again bad fit."
Tell that to Android.
"Spinning cycles for nothing is forgivable on desktops and servers - not on notebooks."
I think you got that backwards, fanboy.
Re: (Score:3, Insightful)
Re:SAD :( (Score:5, Informative)
Apple is now at the point where Microsoft was in 1998.
In 1998, there were tens of thousands of Windows viruses (I remember reading a number like over 40,000, but I can't find a source), while at the same time, MacOS 8 had 7 or so, all of which were protected from freely by the anti-virus program Disinfectant. While I can't find a direct source for my Windows numbers, here's an article [viruslist.com] that makes it look like 1998 was not a very good year for Windows viruses. Even if my memories are off by an order of magnitude or two, it still wasn't a good time for Windows and viruses.
Are you honestly saying that Apple is at that point right now? We have yet to see an actual MacOS X virus in the wild, and there have been how many Trojans in the wild so far? 4?
Parent
Re: (Score:2)
That is no protection at all.
Re: (Score:2)
That is no protection at all.
Well, that explains every Mac virus, trojan, adware, and any other malware you can think of I have ever been infected by in the 20 years I have been using Macintosh computer. All ZERO of them. And the last anti-virus or any other anti-malware software I used was Disinfectant, which was discontinued in May 1998. I've never even had to clean infected files off of a disk (versus the Windows side where my system has been infected once, disks and external drives have had to be cleaned many times from coming in
Re: (Score:3, Informative)
Re: (Score:3, Informative)
So don't pretend that it isn't.
Ummm... Don't put words in my mouth?
I am fully aware that no OS is immune to stupid users. If a user is dumb enough to type in his or her OS's equivalent to "sudo rm -rf /" then they deserve what they get. This is not the point I am trying to make.
You seem to be continuing to ignore my point. The point is, in 1998, Microsoft had numerous malware problems, especially with viruses and worms (which would infect and spread with little or no user interaction). There were literally thousands of viruses, worms, a
Re:SAD :( (Score:4, Insightful)
The post I replied to said that Apple is *now* where Microsoft was in 1998.
In fairness, the post you replied to said that
when it comes to security measures, Apple is now at the point where Microsoft was in 1998
not, "when it comes to number of worms, viruses and trojans, ...".
Parent
Re: (Score:2)
Click a web link to own or download and own seems a while away in the wild?
I would think the feds and smart hackers have all the Mac OS X tools needed.
Mess with them and its like Windows, point and click.
The low end of the script kid, hacker spectrum are only warming up it seems.
Re: (Score:2)
Re:SAD :( (Score:4, Informative)
It's a Mach-based kernel in a BSD-like environment.
Parent
Re:SAD :( (Score:4, Funny)
Joke 1: That, and some non-Apple/Adobe applications eh?
Joke 2: Yeah, so are the Amiga users.
Parent
Re: (Score:2)
Re: (Score:2)
As did Apples back then.
I haven't seen any viruses for AmigaOS3.9 or 4.0 yet.
Your sig (Score:2)
is so very much simpler.
Old versions. (Score:4, Insightful)
...and this means that we can expect Vic20_love to come along any moment now and complain that his OS X 10.1 machine from 19-dickity-6 doesn't have a patch out yet, so Apple sucks.
Not that Apple doesn't suck, but you don't really need to troll for reasons.
(Bye, karma, nice knowing you...)
--saint
Re:Old versions. (Score:5, Informative)
...and this means that we can expect Vic20_love to come along any moment now and complain that his OS X 10.1 machine from 19-dickity-6 doesn't have a patch out yet, so Apple sucks.
Apple sucks for different reasons:
Apple PREVENTS Sun (by contract) from releasing java patches. Mac users get their java patches whenever Apple feels like it and gets a round to it [ituit.com].
Parent
Re: (Score:3)
I'm not trying to grief, and it is certainly consistent with reality, but is this documented anywhere?
Re:Old versions. (Score:4, Informative)
I'm not trying to grief, and it is certainly consistent with reality, but is this documented anywhere?
Sure. Only Apple can release java for mac. Something about look & feel and/or quality assurance.
http://blog.cr0.org/2009/05/write-once-own-everyone.html [cr0.org]
http://java.dzone.com/news/critical-mac-osx-java [dzone.com]
Look at the "java downloads for all operating systems" webpage:
http://www.java.com/en/download/manual.jsp [java.com]
Notice that you can't download java for mac from Sun?
Parent
Re: (Score:3, Interesting)
Maybe its time for Sun (who DO control Java) to tell Apple to change its ways (and give control of Java on the Mac to Sun so that Sun can fix stuff without having to wait for Apple).
Its not like Sun needs Apple in order to produce Java for the Mac.
Or is this like the graphics drivers where only Apple has access to the "secret bits" necessary for a JVM to do all the things that the current Mac JVM does?
How hard would it be to just port OpenJDK/IceTea/whatever to Mac and be done with it?
Re:Old versions. (Score:5, Informative)
...Its not like Sun needs Apple in order to produce Java for the Mac.
Sun did a JVM for the Classic Mac OS, and by all accounts it sucked. As in, it was barely usable. This is why Apple (contractually) locked Sun out of delivering Java on OS X. At the time, Apple was bullish on Java, and invested some considerable resources making OS X's JVM integrated into the rest of the OS.
Unfortunately, Apple no longer gives a shit about Java, and it shows. But Sun is still locked out, as far as I know.
Or is this like the graphics drivers where only Apple has access to the "secret bits" necessary for a JVM to do all the things that the current Mac JVM does?
How hard would it be to just port OpenJDK/IceTea/whatever to Mac and be done with it?
There already is. It's the only way to get Java 6 on PowerPC and 32-bit Intel Macs, or on 10.4.x
Unfortunately, it relies on X11 for its GUI, which is generally a big non-starter on the Mac. Also, I don't believe it's possible to use it as the JVM for Java applets in a browser, probably for the same reason.
Parent
Re: (Score:3, Insightful)
Ok, so is there any reason why a proper native OpenJDK port (that works in all the browsers and doesn't use X11) wouldnt be possible? Is it just a case of "patches wanted" or are there undocumented/hidden/internal parts of OSX that only Apple can use that are needed for a full JVM?
Re: (Score:3, Insightful)
Interesting that people who willingly "kiss their karma goodbye" and make statements to that effect are the ones who wind up with the upmods?
Re:Old versions. (Score:5, Funny)
Really? You couldn't read the next line in my post? The one where I say that Apple sucks? You sat there, in the basement, veins straining in your forehead, lips moving dumbly, willing your way to the end of that first sentence and just ran out of steam?
Well, good work on writing a reply, anyway.
--saint
Parent
What about PPC Java? (Score:3, Interesting)
Just wondering. PPC Java for OSX is even more out of date than x86 Java.
The latest java on PPC is 1.5, and I'm sure it's out of date too...
Time to chide Apple (Score:2, Insightful)
Rich also chided Apple for leaving such a major hole unpatched for so long.
Yeah, Apple, a meager market share (not accounting for cost per unit of course) isn't an excuse to leave stuff like this busted. I hereby CHIDE you!
158MB and the Update will not install! (Score:3, Informative)
The update fails to install on some machines, mine included.
Use your favourite search engine (Bing me no Bings) to find references to:
Re: (Score:3, Informative)
I hope this helps other OS X users... After downloading with Software Update, I had to reboot to install the Java update successfully.
This also means that the whole update (158MB) had to be downloaded again. Download it separately before rebooting and install from the downloaded file, just in case.
Re: (Score:2)
Re: (Score:3, Informative)
They bungled some file permission thing inside the update package... [insert Mac vs PC joke here]
Re: (Score:3, Informative)
No problem on my first-generation MacBook using Software Update.
Huge file, though--158MB.
Re:158MB and the Update will not install! (Score:4, Informative)
Parent
maybe (Score:2, Informative)
Well, maybe.
First off, pretty much every time we get one of these "OMG!" stories on slashdot about a security flaw going unfixed, we find out that it's not nearly as bad as suggested by the slashdot summary. In this case, the description linked to from the slashdot article says: "The Java plug-in does not block applets from launching file:// URLs. Visiting a website containing a maliciously crafted Java applet may allow a remote attacker to launch local files, which may lead to arbitrary code execution."
Re:maybe (Score:4, Informative)
Do you work for Apple? Cause if your attitude is in any way related to theirs, I'll skip using their software thanks. "I can run anything on your harddrive" is trivial to leverage to "I can execute anything I want". Even the dumbest hacker can figure it out. Clearly you're dumber.
Parent
Re: (Score:3, Funny)
Re:maybe (Score:5, Interesting)
As a Mac owner I am glad, for whatever reason, viruses are of no concern to me.
...
But at home I get to relax, and ignore the issue completely.
Until the day you can't. I am sorry, but you make me want to troll the net for the next security issue that is resolved in Linux and/or Windows, but Apple drags their feet on (again). Then I can use it to F with people like you. Your confidence comes from your ignorance.
.... full of crap."
Here is the sad truth, Both the Linux/BSD communities and Microsoft take security more seriously than Apple.
Apply repeatedly leaves a lot of holes open longer then they should be. I am thinking iTunes may present a nice target vector, but there have been so many in the past and I am sure there will be more in the future.
I can see the HP/MS commercial now during the Superbowl next year:
PC - "Hi, I'm a PC"
MAC - "and I'm
PC - "Oh, MAC. While your designers were working to change your outsides from white to aluminum they didn't have time to patch the latest security threats to your OS."
MAC - "All my music, all my pictures and all my home movies, gone, the worm even reformated my Time Machine drive and replaced restore points with pointers to an image of a piece of shit and a burning NEXT cube."
PC - "Well, MAC, you like to talk a big game, but you are not good at playing the big game. So let everyone go back to those who can; first with the guys in Superbowl 44 and then with Windows 7 on their next laptop."
Parent
Re:maybe (Score:5, Informative)
http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html [bikemonkey.org]
Parent
Just turn off Java (Score:5, Insightful)
Even after updating, I've found that's advice I can live with.
Java is now Apple's problem? (Score:2)
I do not understand...but since when have problems in Java been Apple's problems?
Seriously, the title talks of problems with Java and then goes ahead to mention that these problems are Apple's problems - absurd!
May be the title should be changed to say something like: -
"...Java exploits a vulnerability on Apple's OSX..."
Re:Java is now Apple's problem? (Score:5, Informative)
Parent
The Black Haxor (Score:5, Funny)
Black Haxor "It is I the black haxor, I seek the finest computer coders to join me in my quest"
Apple Guy " You shall not pass"
Black Haxor "What ?"
Apple Guy "Non shall pass"
Black Haxor "I have no quarrel with you, good sir, but I must move on"
Apple Guy "Then you shall first install photoshop and make an offering at the alter of Steve and promise to buy hardware at twice the price from the lords of apple".
Black Haxor "I command you to stand aside! for I am the Black Haxor"
Apple Guy "I move for no man for I am impervious to all your tricks for I run OSX"
Black Haxor "So be it"
[Black Haxor pulls out his laptop and starts to type]
[HAH]
Apple Guy "What have you done ?"
Black Haxor "I have exploited a java script bug on your system and signed you up as the local leader for the "Pedo's Rights" association and then passed the details on to the the local parents and teachers group"
Apple Guy "what is this trickery, for such is impossible, you lie"
[a rabble of middle aged parents turn up]
Crowd "THERE HE IS, GET HIM!!"
Apple Guy "BAH! Tis but a lie"
Black Haxor "run man, they weld clubs and carry petrol containers and mean harm upon you"
Apple Guy "They do not wish me harm as my laptop colour matches my shoes, thus they come to tell me how great my karma is"
[15 minutes later the Black Haxor is staring at a smoldering pile on the ground]
Black Haxor "Sigh"
[Crosses bridge]
Yeah -FINALLY- (Score:2, Funny)
But anyways us Mac fan bois are back! WOO HOO!!!! "finally"
Re: (Score:3, Funny)
Re:Slashdot Bias (Score:5, Funny)
Had this been a post about Microsoft instead of Apple, I'd imagine there'd be a lot of "ha ha micro$0ft sucks" posts now.
Instead, there's a lot of "ha ha Apple sucks" posts, as one would expect since the story's about Apple and not MS.
Parent
Re: (Score:3, Funny)
What's "dial-up"?
Re:Apple is not a fan of Java (Score:5, Insightful)
Yeah. Those losers should stop running their iTunes store with Java. Lame Java haters!
http://en.wikipedia.org/wiki/WebObjects [wikipedia.org] No, I didn't just edit it, but I suppose it's ripe for vandalism now.
Not like your conjecture is without merit. I mean, what can explain their slowness in Java porting? I wish I knew. It's a real annoyance.
To be mildly fair, us mere mortals aren't getting WebObjects updates anymore, but they don't seem to be slowing down their usage of it at iTunes & the Apple store and dev sites. Perhaps they're going to migrate more things to SproutCore once BitBurger et al gets released. Although that doesn't provide them with a back-end, and I'm not utterly convinced that RoR is up to the demand, inclusion in OS X notwithstanding. If only more Erlang/Mnesia would roll out.
Parent
Re: (Score:3, Funny)
Dooooddd... there's like this totally new thing called Bing! that lets you look stuff like that up! (I hear some pikers down in Cali called googol or something stupid like that are trying to horn in on the action though).