In May, Apple released a new Java update patch just for Mac users, but it contained some Java flaws, and many hackers and security researchers began posting blog entries and data about them on the Internet. The security firm Intego, which makes security software for Macs, also warned “users of a java flaw in OS X Java distribution which could allow java applets to execute malicious code.” The vulnerability also affected other products and programs, such as the Java Development Kit, Sun’s JRE, and all applications that share the same core classes as Java SE and J2SE. This was a big issue for anyone who used Java applications every day. These days most websites include Java features, especially applets, which could put Mac users in danger of spyware. Therefore, as a workaround until an updated version came out, security companies suggested that Mac users disable Java in their browsers. As one of the articles mentioned: “Security vendor SecureMac also advises Mac users to disable Java in their Web browser until Apple fixes the issue. “This vulnerability could be exploited to perform 'drive-by-downloads' commonly used as a means to infect computers with spyware, or any arbitrary command with the permissions of the executing user,” a company note on the SecureMac site reads. “All a user has to do is visit a web page hosting a malicious Java applet to be exploited.”” When programmers did not find any update that solved the issue, they started to complain that Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated. Finally, one month later, Apple released a patch for Java on OS X 10.5 and 10.4.
Apple also said that, in update version 4, Mac OS X has improved “its reliability, security and compatibility for Java SE 6, J2SE 5.0 and J2SE 1.4.2 on Mac OS X 10.5.” This was not the only time Apple delivered an update after a very long delay and put users’ security in danger. There were also flaws in the QuickTime video player and in DNS that were fixed only after months. Big competing companies such as Microsoft, Adobe, and Apple have all issued dozens of patches or updates within the last month. So we can expect some delay from these companies in releasing updates, but six months for the kind of vulnerability mentioned earlier is not acceptable.
Source:
http://news.softpedia.com/news/Apple-Fails-to-Patch-Java-Vulnerability-112185.shtml
Other Sources:
http://www.securityfocus.com/brief/971
