Apple fixes Java security flaw for Mac OS X
Wednesday, June 17, 2009
Apple patched 32 vulnerabilities in multiple versions of Java used in Mac OS X 10.5 and Mac OS X 10.4, more than six months after Sun Microsystems fixed the same flaws for Windows and Linux platforms.
The company acknowledged that some of the flaws could be used by remote attackers to take control of Macs. "Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution," the company said in its security bulletin.
Because Apple uses its own versions of Java, the company frequently fixes security flaws months after Sun issues them.
Last month, Landon Fuller, a former Apple employee, published proof-of-concept for a Mac Java vulnerability on his blog because "it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated."
As the vulnerability had been public knowledge for six months, "I have decided to release a my own proof of concept to demonstrate the issue," Fuller wrote.
Related News:
Network security update not responsible for crashes - 2.24.2010
Reports of the so-called "blue screen of death" following the installation of the latest Microsoft security update are the result of malware, not a defect in the update.
Botnets and Chuck Norris take aim at network security - 2.22.2010
Last week, word spread of the Kneber botnet compromising more than 2,000 computers worldwide. With the start of a new week comes more malware attacks plaguing the web community. The so-called "Chuck Norris" botnet is attacking routers and DSL modems by guessing commonly used passwords.
Web security company warns of scareware's risk - 2.19.2010
The rise in scareware attacks and cyber criminal behavior in general forced DynaSis, an IT services company, to issue a warning to its users about the threat of fake anti-virus software infecting their computers on Friday.
Age-old trick with brand-new target - 1.18.2010
Cyber criminals have turned to a scam from the early days of the internet to target the growing smartphone market: Trojan phone dialers.
Report: 'At least 34' firms attacked at the same time as Google - 1.15.2010
The Washington Post asserts that many U.S. companies were targeted in the same network security and email breach that affected Google and provoked the company's highly publicized spat with the Chinese government.
|
