New To Mac-Forums?

Welcome to our community! Join the discussion today by registering your FREE account. If you have any problems with the registration process, please contact us!

Get your questions answered by community gurus Advice and insight from world-class Apple enthusiasts Exclusive access to members-only contests, giveaways and deals

Join today!

 
Start a Discussion
 

Mac-Forums Brief

Subscribe to Mac-Forums Brief to receive special offers from Mac-Forums partners and sponsors

Join the conversation RSS
Apple Rumors and Reports Discuss what's going on with Apple in this forum

Security companies warn of unpatched Java exploit on Mac OS X


Post Reply New Thread Subscribe

 
Thread Tools
cwa107

 
cwa107's Avatar
 
Member Since: Dec 20, 2006
Location: Middletown, Pennsylvania
Posts: 26,436
cwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond repute
Mac Specs: 15" MBP, Core i7/2GHz, 8GB RAM, 480GB Crucial M500 SSD

cwa107 is offline
I'm typically skeptical of these, but this one seems legit - and if executed has the potential to be very bad:

Quote:
Several Mac security companies, Intego and SecureMac, have issued warnings related to an unpatched Java vulnerability that affects OS X. The flaw could be exploited to allow local code to be executed remotely, leaving the computer open to "drive-by-attacks" which can install malicious software just by loading a website containing a specially crafted Java applet. Hackers could also access or delete files on a system.
Full article here.

If you are concerned (and IMO, you should be), a temporary fix would be to turn Java off in the browser of your choice. Although some sites launch Java applets, they should be relatively few (don't confuse Javascript with Java). So for many of you, there will be little impact to your day-to-day web browsing in turning off Java.

Liquid and computers don't mix. It might seem simple, but we see an incredible amount of people post here about spills. Keep drinks and other liquids away from your expensive electronics!
QUOTE Thanks
harryb2448

 
harryb2448's Avatar
 
Member Since: Nov 28, 2007
Location: Nambucca Heads Australia
Posts: 16,030
harryb2448 has a reputation beyond reputeharryb2448 has a reputation beyond reputeharryb2448 has a reputation beyond reputeharryb2448 has a reputation beyond reputeharryb2448 has a reputation beyond reputeharryb2448 has a reputation beyond reputeharryb2448 has a reputation beyond reputeharryb2448 has a reputation beyond reputeharryb2448 has a reputation beyond reputeharryb2448 has a reputation beyond reputeharryb2448 has a reputation beyond repute
Mac Specs: iMac i5 2.7GHz OS X.9.2

harryb2448 is offline
Great advice cwa107. Keep us posted on developments please?
QUOTE Thanks
Big Dan

 
Big Dan's Avatar
 
Member Since: Feb 01, 2009
Location: New York
Posts: 95
Big Dan is on a distinguished road
Mac Specs: Mini 1.83Ghz Dual Core, 2 GB RAM, running 10.6.1

Big Dan is offline
Disable Java in Firefox:

Firefox Menu > Preferences > Content Tab

Picture 1.png
QUOTE Thanks
vansmith

 
vansmith's Avatar
 
Member Since: Oct 19, 2008
Location: Ottawa
Posts: 17,103
vansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond repute
Mac Specs: 2012 13" MBP (2.5 i5, 8GB)

vansmith is offline
While I do espouse security as an important part of daily use, this exploit doesn't seem to bother me. Disabling Java should work and prevent users from themselves (the cause of most computer problems). I think the part that's bothering me most about this exploit is not the exploit itself but Apple's continued disregard for Java. For a company that want's to be on the edge, they sure don't seem quick to defend and patch the arguably most used programming language in the world (last I heard).

Important Links: Community Guidelines : Use the reputation system if you've been helped.
M-F Blog :: Write for the blog
Mac-Forums Investigates MacKeeper - Confused about MacKeeper? Take a look at this review.
QUOTE Thanks
cwa107

 
cwa107's Avatar
 
Member Since: Dec 20, 2006
Location: Middletown, Pennsylvania
Posts: 26,436
cwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond repute
Mac Specs: 15" MBP, Core i7/2GHz, 8GB RAM, 480GB Crucial M500 SSD

cwa107 is offline
Quote:
Originally Posted by vansmith View Post
While I do espouse security as an important part of daily use, this exploit doesn't seem to bother me. Disabling Java should work and prevent users from themselves (the cause of most computer problems). I think the part that's bothering me most about this exploit is not the exploit itself but Apple's continued disregard for Java. For a company that want's to be on the edge, they sure don't seem quick to defend and patch the arguably most used programming language in the world (last I heard).
Agreed. As much as Apple likes to promote the security of Mac OS X, they do seem slow to address high-profile exploits like this. As I understand it, this one has been in the wild for something like 6 months.

Liquid and computers don't mix. It might seem simple, but we see an incredible amount of people post here about spills. Keep drinks and other liquids away from your expensive electronics!
QUOTE Thanks
vansmith

 
vansmith's Avatar
 
Member Since: Oct 19, 2008
Location: Ottawa
Posts: 17,103
vansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond repute
Mac Specs: 2012 13" MBP (2.5 i5, 8GB)

vansmith is offline
Quote:
Originally Posted by cwa107 View Post
Agreed. As much as Apple likes to promote the security of Mac OS X, they do seem slow to address high-profile exploits like this. As I understand it, this one has been in the wild for something like 6 months.
I read nine months. Either way, both times are well too long for such an important program. As much as I like Apple, I do have a few problems with the way they approach things. One of them is that is seems as if the "security through obscurity" myth is their motto in the security department .

Important Links: Community Guidelines : Use the reputation system if you've been helped.
M-F Blog :: Write for the blog
Mac-Forums Investigates MacKeeper - Confused about MacKeeper? Take a look at this review.
QUOTE Thanks
cwa107

 
cwa107's Avatar
 
Member Since: Dec 20, 2006
Location: Middletown, Pennsylvania
Posts: 26,436
cwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond reputecwa107 has a reputation beyond repute
Mac Specs: 15" MBP, Core i7/2GHz, 8GB RAM, 480GB Crucial M500 SSD

cwa107 is offline
Ooooh.... not good:

Unpatched OS X Java Vulnerabilities Drawing Attention - Mac Rumors

Liquid and computers don't mix. It might seem simple, but we see an incredible amount of people post here about spills. Keep drinks and other liquids away from your expensive electronics!
QUOTE Thanks
vansmith

 
vansmith's Avatar
 
Member Since: Oct 19, 2008
Location: Ottawa
Posts: 17,103
vansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond repute
Mac Specs: 2012 13" MBP (2.5 i5, 8GB)

vansmith is offline
Not good in that it illustrates the trivial nature of the exploit but very good for me (at least) in that it will hopefully get Apple moving on this.

This is why I wish Apple hadn't taken control of Java on the Mac. Since it says that OpenJDK isn't affected, the nerd in me is tempted to try and build OpenJDK tonight.

Important Links: Community Guidelines : Use the reputation system if you've been helped.
M-F Blog :: Write for the blog
Mac-Forums Investigates MacKeeper - Confused about MacKeeper? Take a look at this review.
QUOTE Thanks
ansarcec

 
ansarcec's Avatar
 
Member Since: Apr 29, 2008
Location: Potsdam NY
Posts: 207
ansarcec is an unknown at this point
Mac Specs: 15" MBP, 4GB, 250GB HDD-2.53C2D

ansarcec is offline
disabled it for Safari 4 as well

Ansar...

Mac Rules
QUOTE Thanks
harryb2448

 
harryb2448's Avatar
 
Member Since: Nov 28, 2007
Location: Nambucca Heads Australia
Posts: 16,030
harryb2448 has a reputation beyond reputeharryb2448 has a reputation beyond reputeharryb2448 has a reputation beyond reputeharryb2448 has a reputation beyond reputeharryb2448 has a reputation beyond reputeharryb2448 has a reputation beyond reputeharryb2448 has a reputation beyond reputeharryb2448 has a reputation beyond reputeharryb2448 has a reputation beyond reputeharryb2448 has a reputation beyond reputeharryb2448 has a reputation beyond repute
Mac Specs: iMac i5 2.7GHz OS X.9.2

harryb2448 is offline
I believe the problem is S Jobs has made very negative comments about Java in recent months (do a Google) so I doubt any fixes will come along.

Richard Sprague WebLog : Steve Jobs says Java is history
QUOTE Thanks
Collin Bl

 
Collin Bl's Avatar
 
Member Since: Apr 07, 2009
Location: Napier NZ
Posts: 3,277
Collin Bl is a jewel in the roughCollin Bl is a jewel in the roughCollin Bl is a jewel in the rough
Mac Specs: 27 iMac i5, MBP 13 & iMac 20, 2TB dual TC, AppleTV, iPh4S

Collin Bl is offline
So for those of us that are non techie - should we be unchecking Enable Java or Enable JavaScript in prefs of Safari 3? Or does Enable plug-ins feature as well?
QUOTE Thanks
vansmith

 
vansmith's Avatar
 
Member Since: Oct 19, 2008
Location: Ottawa
Posts: 17,103
vansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond repute
Mac Specs: 2012 13" MBP (2.5 i5, 8GB)

vansmith is offline
Quote:
Originally Posted by harryb2448 View Post
I believe the problem is S Jobs has made very negative comments about Java in recent months (do a Google) so I doubt any fixes will come along.

Richard Sprague WebLog : Steve Jobs says Java is history
Agreed. As I linked to earlier, Jobs called it a "'Heavyweight' in an Age of Lightweight Computing." I think that's a bit much.

Quote:
Originally Posted by Collin Bl View Post
So for those of us that are non techie - should we be unchecking Enable Java or Enable JavaScript in prefs of Safari 3? Or does Enable plug-ins feature as well?
If you want to be super safe, you should just have to disable Java. Javascript, on the other hand, has nothing to do with Java (despite the name). Otherwise, just be a smart computer user.

Important Links: Community Guidelines : Use the reputation system if you've been helped.
M-F Blog :: Write for the blog
Mac-Forums Investigates MacKeeper - Confused about MacKeeper? Take a look at this review.
QUOTE Thanks
jram

 
jram's Avatar
 
Member Since: Apr 08, 2005
Posts: 472
jram is a jewel in the roughjram is a jewel in the rough

jram is offline
FF users, use noscript..
QUOTE Thanks
TattooedMac

 
TattooedMac's Avatar
 
Member Since: May 19, 2009
Location: Waiting for a mate . . .
Posts: 7,432
TattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant futureTattooedMac has a brilliant future
Mac Specs: 21" iMac 2.9Ghz 13"MBP 2.9Ghz i7 Both on 10.9.2 ~ iPhone5 iOS 7.1 ~ iPad Mini 7.1 ~ ATV2 6.0.1

TattooedMac is offline
Quote:
Originally Posted by Big Dan View Post
Disable Java in Firefox:

Firefox Menu > Preferences > Content Tab

Attachment 10655
Thanks Big Dan

Simple but effective
QUOTE Thanks

Post Reply New Thread Subscribe


« Apple opens fourth Aussie store | next iphone july 17 oled display »
Thread Tools

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump

Similar Threads
Thread
Thread Starter
Forum
Replies
Last Post
Mac Songs The mac 13 Switcher Hangout 7 05-06-2010 12:35 AM
JAVA 1.4.2 on MAC OS 10.2 ChrisKnox OS X - Operating System 0 09-23-2003 04:21 PM
New SSH Exploit affects Mac OS X users Murlyn OS X - Operating System 1 09-17-2003 02:58 PM
Mac Users Get More ISP Choices schweb Apple Rumors and Reports 1 03-06-2003 10:57 AM

All times are GMT -4. The time now is 06:59 AM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
X

Welcome to Mac-Forums.com

Create your username to jump into the discussion!

New members like you have made this community the ultimate source for your Mac since 2003!


(4 digit year)

Already a member?