Core Dump
Stephen Withers turns his gaze on the world of Apple, with detours into other aspects of IT and communications as they catch his attention.
No Java fix in Mac OS X 10.5.7
by Stephen Withers
Wednesday, 20 May 2009
Mac OS X 10.5.7 failed to deliver a fix for a long-standing and relatively easily exploitable vulnerability in Java.

Apple doesn't have the best reputation for delivering timely security updates. Many months can pass between the arrival of an update for an open-source program used in Mac OS X and the release of an Apple security update that incorporates it.

Even when Apple receives reports of flaws in its own software, the company isn't always quick to respond. For example, a vulnerability disclosed as part of the Month of Apple Bugs (January 2007) wasn't fixed until Security Update 2008-001 arrived in February 2008.

Although Java is a Sun project, Java for Mac OS X is built and maintained by Apple. This means Mac users cannot simply install Sun's fixed release themselves: short of disabling Java in the browser, they have to wait for Apple. (If a security fix is released for Apache or one of the other open-source components, affected users have the option of installing the new version without waiting for Apple.)

The first of a class of vulnerabilities in Java that allows applets in web pages to escape the Java sandbox was reported to Sun in August 2008 and fixed by Sun in December.
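Since Apple's Java can lag Sun's by months, the practical question for a Mac user is which update level the installed runtime actually carries. The following script is an added check, not code from the article, from Apple or from Sun: it parses the banner that `java -version` prints and compares it with a minimum update level. The function names are this example's own, the sample banners are constructed, and the threshold 1.6.0_11 is an assumption (Sun's December 2008 fix is taken here to be Java SE 6 Update 11); confirm the exact level against the vendor advisories before relying on it, and note that Mac OS X 10.5 ships both a 1.5 and a 1.6 runtime, each with its own fixed update.

```shell
#!/bin/sh
# Added example, not code from the article or from Apple/Sun.
# Parses the first line that `java -version` prints (on stderr) and decides
# whether the installed runtime is at or above a chosen minimum update level.
# ASSUMPTION: the minimum 1.6.0_11 below is taken to be the Sun release that
# carried the December 2008 fix; verify it against the vendor advisories.

# Turn "1.6.0_07" (also "1.6.0_07-b06" or a bare "1.5.0") into a zero-padded
# integer that compares numerically: major, then minor, micro and update.
# Awk converts "07" as decimal, so update numbers sort correctly ("10" > "07").
java_version_key() {
    printf '%s\n' "$1" |
        awk -F'[._-]' '{ printf "%d%03d%03d%03d\n", $1, $2, $3, ($4 == "" ? 0 : $4) }'
}

# Pull the quoted version out of a banner such as:  java version "1.6.0_07"
# (also accepts the "openjdk version" spelling used by later builds).
java_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^[A-Za-z]* version "\([^"]*\)".*/\1/p'
}

# Print "ok" if the banner's version is at least $2, "update" if it is older,
# and "unknown" if no version could be parsed from the banner.
java_status() {
    banner=$1
    minimum=$2
    version=$(java_version_from_banner "$banner")
    [ -n "$version" ] || { echo unknown; return 0; }
    if [ "$(java_version_key "$version")" -ge "$(java_version_key "$minimum")" ]; then
        echo ok
    else
        echo update
    fi
}

# Constructed sample banners (not real captures) run against the assumed minimum.
demo() {
    for b in 'java version "1.6.0_07"' 'java version "1.6.0_11"' \
             'java version "1.6.0_13-b03"' 'Java HotSpot(TM) Client VM'; do
        printf '%-32s %s\n' "$b" "$(java_status "$b" 1.6.0_11)"
    done
}
demo

# Check the real installation when a java binary is on PATH (skipped otherwise).
if command -v java >/dev/null 2>&1; then
    banner=$(java -version 2>&1 | head -n 1)
    echo "installed: $banner -> $(java_status "$banner" 1.6.0_11)"
fi
```

Run it as `sh javacheck.sh`; an "update" verdict on the 1.6 runtime, or on the 1.5 runtime against that branch's own fixed level, means the machine still depends on Apple shipping the fix.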

Its discoverer, Sami Koivu, and another security researcher, Julien Tinnes, attacked this vulnerability using an exploit written by Tinnes at this year's Pwn2Own contest. Although they succeeded in subverting Safari and Firefox, the entry was disqualified as the underlying vulnerability had already been reported.

In his blog, Tinnes explains how the vulnerability can be used to give an applet whatever privileges the attacker wants.

How does it work? See page 2.