EmailSafety.net - Apple patches critical Java bugs, but leaves Leopard users vulnerable

Apple patches critical Java bugs, but leaves Leopard users vulnerable

Anti-Spam Software

What is Spam?

Spam Laws

Spam Facts

User Tips

Common Email Scams

What Are Visuses?

Virus Prevention Tips

Anti-Virus Software

Basic Tips

Recent News

Apple today patched 15 vulnerabilities in three versions of Java used by Mac OS X 10.5, or Leopard, bringing the operating system up to par with fixes that Sun issued a month ago.

Today's Leopard updates take that OS to the same edition of Java 6 included with Snow Leopard , which Apple shipped last week. At the same time, however, the update doesn't include the very latest Java fixes, which Sun delivered Aug. 11.

According to Apple's advisory , the upgrade patches 15 distinct vulnerabilities in Java, and updates Java 6 to version 1.6.0_15, Java 5 to version 1.5.0_20 and Java 4 to version 1.4.2_22. Sun issued those updates on Aug. 4.

All the vulnerabilities could allow for "arbitrary code execution," Apple-speak for the type of bug attackers can use to plant malicious code on a computer. Although other major software makers, like Microsoft and Oracle, assign threat rankings to their bug fixes, Apple does not. For example, Microsoft dubs the same kind of flaws as "critical."

Related Content

"Visiting a Web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user," Apple said in its advisory, explaining how an attack might work.

The Java update applies only to the client and server editions of Mac OS X 10.5, which are currently at v. 10.5.8. Users still running Mac OS X 10.4, aka Tiger, remain stuck on older versions of Java. Tiger's Java components were last updated by Apple on June 15, when it bumped up Java 5 to 1.5.0_19 and Java 4 to 1.4.2_21.

Although the June update -- which also affected Leopard -- plugged holes that Sun had filled six months earlier , today's update came harder on the heels of Sun's fixes for Windows and Linux. "That's not too bad for Apple, actually," said Andrew Storms, director of security operations at nCircle Network Security, in an instant message.

Apple maintains its own versions of Java and is responsible for delivering patches to users. Typically, Apple is slow to patch the problems that Sun fixes, with a six-month lag not unusual. When Apple refreshed Java in September 2008, for example, it fixed more than two-dozen vulnerabilities, some of which had been patched in updates for Java for Windows, Linux and Solaris as far back as March 2008.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.

Recent News:

· Feds draw a bead on Russian behind Mega-D botnet
· Ransomware Attack Resurfaces to Hold Files Hostage
· Adobe Reader X Makes PDF Files Safer
· PayPal Users Beware of Holiday Phishing Scam
· McAfee Reports Malware at All-Time High

Site Map | Recent News | Related Sites