Mac OS X vulnerable to critical Java bug

Mac OS X vulnerable to critical Java bug

Summary: Apple's operating system is vulnerable to a security flaw in Java that was made public in December, according to a security researcher

TOPICS: Security

Apple's Mac OS X is vulnerable to a security flaw in Java that was originally publically disclosed almost six months ago, a security researcher has warned.

The flaw affects a number of platforms running Java, and has been patched by most other operating-system vendors, noted researcher Julien Tinnes in a blog post on Tuesday.

"Unfortunately, it is still not patched in [Apple's] latest security update from just a few days ago," he wrote.

Exploits can be written purely in Java code, meaning they work on multiple platforms, Tinnes said. He recommended that Mac OS X users disable Java in their web browsers.

"This one is a pure Java vulnerability," Tinnes wrote in the post. "This means you can write a 100 percent reliable exploit in pure Java. This exploit will work on all the platforms, all the architectures and all the browsers."

Java is enabled by default in Mac OS X browsers such as Firefox and Safari, and Tinnes said he had successfully exploited the Java bug on both browsers.

The bug (designated CVE-2008-5353 in the Common Vulnerabilities and Exposures database) was first reported to Sun in August of last year, and was patched by Sun in December.

Read this


Photos: Evolution of the Mac

A look at how the Mac has evolved through the years...

Read more

It allows a remote attacker to take over a system, and was ranked as "highly critical" by security vendor Secunia.

The vulnerability affects multiple implementations of Java, including OpenJDK, GIJ and icedtea, as well as Sun's own implementation, security researchers said.

Tinnes noted that many companies use web applications that rely on a specific Java version, and that Java updates can break those applications. "This may be the reason why Apple's Java updates are so infrequent," he wrote.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • The process...

    Press the Command key and a comma to bring up the prefs dialogue box.

    Click on the security tab.

    Uncheck Enable Java.

    Close the prefs dialogue box.

    There not hard is it?
  • Re: Mac OS X vulnerable to critical Java bug

    or for Firefox 3:

    - Command + ,
    - Select "Content" tab
    - Uncheck "Enable Java"

    Of course a proper fix would be best, but I'm not sure Apple are really listening, as this doesn't seem terribly high-profile (at the moment)...