Linked by Thom Holwerda on Tue 19th May 2009 22:20 UTC
Mac OS X Six months ago, a certain security flaw in Java was fixed by Sun. This flaw was present in OpenJDK, GIJ, icedtea and Sun's JRE, but it got fixed in those. There's one important shipping Java implementation that still has not been fixed to remove this security flaw: Apple's Java.
Thread beginning with comment 364674
To view parent comment, click here.
To read all comments associated with this story, please click here.
bousozoku
Member since:
2006-01-23

I'm sure they'll fix it after the first Apple machine falls in next year's Pwn2Own. ;)

Seriously though, they probably stuffed the patches in with the next OS release as they've done with proper sandboxing around safari and those other niceties that make breaking osX easy.

(It's a bit of irony to learn that Windows actually has better security mechanisms in place than osX. The security researcher's disagree with the marketing.)


I don't like to wait for them. Since Avie Tevanian left the company, they've become far too reckless in their software, as if they're doing it purposely to sell new hardware.

All the security bits in Windows would mean something if Microsoft removed ActiveX, but it's still a security leak by design and no matter how many UAC dialogues appear, you can't change people. You can lead a horse to water, but you can't make him think, as I say.

Reply Parent Score: 2