Java Plug-in Flaw

[MacBytes]

Category: 3rd Party Software
Link: Java Plug-in Flaw
Posted on MacBytes.com

Approved by Mudbug

 

[Nermal]

The plug-in vulnerability raises the stakes, because it opens the possibility of infecting any operating system--Microsoft Windows, Linux and Apple Computer's Mac OS X--on which Sun's Java component can run.

Doesn't OS X use Apple Java instead of Sun Java? If you try to install Sun Java, it just directs you to Apple's site. I did notice, however, that further down the article it says that the security hole hasn't been confirmed on OS X.

 

[bousozoku]

Doesn't OS X use Apple Java instead of Sun Java? If you try to install Sun Java, it just directs you to Apple's site. I did notice, however, that further down the article it says that the security hole hasn't been confirmed on OS X.

The article I read last week said that Mac OS X was not vulnerable, so I'm not sure what's happening with it. However, considering how you need an extra browser plug-in to use Java with something other than Safari, it might be trouble to run an exploit on Mac OS X.

 

[shamino]

Apple's Java is based on the Sun code. I don't know if it has the security bug or not.

I assume that Apple will release an update when Sun updates their code.

As for the plugin, that's usually just a trivial interface plugin to let generic browsers use the system-provided Java environment. Browsers that use plugins for Java (everything other than Safari, it seems) should all be using the same Java environment as those that directly access the Java component of OS X (only Safari, AFAIK.)

 

[broken_keyboard]

So much for the much vaunted sandbox. A few lines of Javascript and it's gone. It's not the fact that there's a security hole, but that there is so obvious a one - Sun must really not give a damn. I am going to disable Java in all my browsers now and forever. Sun, you are total losers.

 

[killmoms]

So much for the much vaunted sandbox. A few lines of Javascript and it's gone. It's not the fact that there's a security hole, but that there is so obvious a one - Sun must really not give a damn. I am going to disable Java in all my browsers now and forever. Sun, you are total losers.

Wow, um, overreaction to the nth degree. It's a flaw, not an in-the-wild exploit. This isn't causing worms to traverse the Internet, propagating themselves and destroying computers in their wake. It's about as "critical" as the much over-hyped MP3 "virus" (read: scam) for OS X several months ago. The code will be updated, we'll get a Software Update if it's really an issue, and the whole thing will blow over.

 

[broken_keyboard]

Wow, um, overreaction to the nth degree. It's a flaw, not an in-the-wild exploit. This isn't causing worms to traverse the Internet, propagating themselves and destroying computers in their wake. It's about as "critical" as the much over-hyped MP3 "virus" (read: scam) for OS X several months ago. The code will be updated, we'll get a Software Update if it's really an issue, and the whole thing will blow over.

If you can disable the security manager like it says, then you have full access to the Java class library from your Applet. So that's a pretty big exploit. For example the Applet could get a list of documents in your home directory and email them off. Better not have anything private in there!