Apple Posts Security Update 2005-002
thelemmings writes "Today, Apple released Security Update 2005-002 for Mac OS X. It fixes a bug in the Java 1.4.2 implementation where an untrusted applet could gain elevated privileges and potentially execute arbitrary code. Sounds scary."
Re:Safari Popup Fix (Score:4, Interesting)
Scary? Well... (Score:5, Interesting)
So what happened is one version of the JVM, on OSX, has an exploitable flaw that still leaves it less dangerous than... well, Active-X, unflawed.
It's not as serious a problem as it looks, also. They can't install a rootkit or anything like that, just because of the way OSX is designed. Say you have a Mac, and browsed to a site hosting a malicious applet (it's not a virus, so you'd have to *go* there to be in danger, and the website creator is obviously easier to trace than a virus writer). That applet could overwrite your documents, and wreak a lot of havoc, but you're not going to get owned. The Mac will prompt you for a password before it lets any software touch the core software (even its own security update!).
So -- yes, get the fix if you've got a Mac, but it's not "scary".
It's more scary than ActiveX (Score:3, Interesting)
This means that someone who knows what they are doing is at more risk on OS X than on Windows.
I'm not claiming that OS X is less secure (I'm running it right now), but this is scary (relatively).
Just mistype a URL and you're compromised.
Mozilla/Camino vulnerable? (Score:3, Interesting)
Re:Apple Proactive? (Score:4, Interesting)
You seem surprised. That's only because so many other companies have trained us not to expect this. We would not expect less than this from other products; operating systems should be the same. Imagine if cars were sold without crash tests. Security in a commercial OS should undergo constant (and pro-active) testing by the company (you can certainly bet its enemies are doing that). The fact that we don't expect that kind of work, and are surprised when we see it, speaks volumes about the practices of the current leaders of the commercial OS industry.
Re:Go Go Apple (Score:3, Interesting)
Re:Apple Proactive? (Score:4, Interesting)
Re:Scary? Well... (Score:3, Interesting)
You misspelled "allow." You also used a sentence fragment. It's a real mess. Here, let me help make your point a little more clear and accurate.
That's much better.