spacer




spacer
Hot off the Press - News
Monday, 01/17/05 by eWEEK

Apple Patches Java for Mac OS X Flaw

Apple on Wednesday released a fix for a highly critical flaw affecting users of its Mac OS X (news - web sites) operating system.

The Apple patch comes exactly three months after Sun Microsystems Inc.'s original warning that a vulnerability in its JRE (Java Runtime Environment) could allow an attacker to turn off Java's security feature and execute malicious code on a compromised machine.

Apple Computer Inc., based in Cupertino, Calif., said the Mac OS X patch updates Java to correct the issue, wherein an untrusted applet could gain elevated privileges and potentially execute arbitrary code.

Independent research firm Secunia, which first flagged the flaw last November, rates the Apple patch as "highly critical."

Security experts are also questioning why it took three months for Apple to patch such a high-profile vulnerability.

spacer

spacer

spacer

spacer

Click here to read more about Secunia's warnings about Web browsers' vulnerability to "phishing".

"Sadly, we're at the stage where it's not unusual for a software firm to take three months to fix [a serious flaw]," said Johannes Ullrich, chief technology officer at the SANS Internet Storm Center.

"The problem is severe, and exploit code has been made available shortly after the vulnerability was announced," Ullrich told eWEEK.com.

Apple officials could not be reached to discuss the timing of the patch.

Read more here about Apple's file-sharing, printing and QuickTime security update for its Mac OS X client and server software.

Michael Haisley, an incident handler at the SANS ISC, called on Apple to do a better job of addressing well-known vulnerabilities in a timely manner. If not, Haisley warned, "Mac OS systems will likely become a much more favorable target for attackers."

VSO_468X60_promo

VSO_468X60_promo
about us | current articles | archive | home | advertise!
all right reserved copyright ©1999-2003. E-mail us.