Apple Patches Security Flaws with Java Updates
June 15th, 2009 at 5:21 PM - News by Jeff Gamet
Apple rolled out Java security updates for Mac OS X 10.4 and 10.5 late Monday afternoon. Java for Mac OS X 10.4 Update 9 and Java for Mac OS X 10.5 Update 4 patch a series of flaws that could let a remote attacker gain elevated privileges or execute arbitrary code on the victim's computer.
The security updates address issues in Mac OS X 10.4.11 and 10.5.7 where attackers could use untrusted Java applets to gain elevated privileges on a victim's computer, or where visiting a Web site containing a maliciously crafted Java applet could let an attacker run arbitrary code with the victim's current privileges.
The updates are free and available via the Software Update application, or as downloadable installers for Mac OS X 10.4.11 and 10.5.7 at the Apple Support Web site.
6 Observer Comments
The last Security Update killed my venerable iMac G$ so thoroughly that even reinstalling OSX hasn’t brought it back to full functionality.
And now Apple wants us to install another Security Update? Anyone who does so is taking a terrible chance. Me, I’ll never install another Apple Security Update until I know that no one else’s machine has been hosed by it.
Not a bad precaution, especially with an older system.
FWIW I’ve installed it on two systems so far, a silver and a white MacBook, running 10.5.7 and it was fine. Like you, I’m waiting to do my G5.
The last Security Update killed my venerable iMac G$ so thoroughly that even reinstalling OSX hasn’t brought it back to full functionality.
Ummm, yeah. So wiping the previous install (including the security update) and reinstalling the OS doesn’t bring it back? And how does that work, exactly?
I put absolutely no faith in anecdotal “evidence” from unregistered guests. Especially when it makes no sense whatsoever.
I’ve installed all of these updates without a hitch on G5 systems running 10.5.7. Either the first poster is flat out lying, or there is something seriously wrong with that machine.
While in general it may be a good idea to wait a few days in order to check if someone else may have had some problems with the update, this particular patch is extremely critical. Safari was wide open to serious drive-by Java attacks and, in addition to the proof-of-concept site that demonstrated how simple the attack was (absolutely no action by user required to get root privileges after visiting the malicious URL), malicious sites were being reported out there. The worst part is, you just don’t even know you’ve been had by the attacker!
As for these installation problems, if you have a mission-critical machine and are anxious about updating, just do a full back-up (Carbon Copy Cloner or similar) and update. If it’s hosed, reformat, restore and all is well.
Safari was wide open to serious drive-by Java attacks
Only if you haven’t turned off Java in your preferences, which, seriously, everyone should have done if they were continuing to use Safari after the exploit was announced. Probably still a good idea to only turn it on if you have a specific need and then only when necessary.

