Apple releases Java patches (finally)

Apple has released security updates for Mac OS X and Mac OS X Server 10.4.11 and 10.5.7 - more than six months after Sun Microsystems warned the world of flaws in its Java virtual machine that make it easy for attackers to execute malware on users' Macs, PCs, and Linux boxes. Better late than never. Last month, The Reg took …

COMMENTS

This topic is closed for new posts.
  1. John Molloy

    You could have been...

    ... but as far as I know no one was. I just turned java off until now.

  2. amanfromMars 1 Silver badge
    Alien

    Java for Cloud Assignations and AIMissions

    "I just turned java off until now." ... By John Molloy Posted Tuesday 16th June 2009 17:53 GMT

    John,

    Java is not something that you can off. And it is a Very Powerful Language able to Converse with All Virtual Machines and NINJA Machinery .... which are in Reality and Virtualisation, Neural Networks InterNetworking at Quantum Communications Levels/Higher Deeper Virtual Core Processor Architecture Builds.

  3. J 3
    Alien

    amanfromMars 1?

    Do you mean there was more than one? Aaaargh!

  4. snafu
    Happy

    Was that a BuzzwordsBot?

    Can we vivisect it? Can we?

  5. Anonymous Coward
    Anonymous Coward

    @ El Reg

    Quote: "If you followed our suggestion last month to take Security researcher Landon Fuller's advice to disable Java applets in your browser and uncheck the "Open 'safe' files after downloading" setting in Safari's General preferences, you're now free to reverse those changes."

    Or you could just leave them both off permanently. Is Java actually used for anything useful on the web these days, for the vast majority of people? It has been off in my browser for months and I haven't noticed it at all.

    The 'safe' files thing is something that should never, ever be on. The most retarded setting in a browser anywhere. I just love how Apple puts it between quotes to indicate that even they don't believe that these files are 'safe'.

    My advice - unless you really do need Java for anything, just leave it off. 'Safe' file opening should be left off regardless of what you want. If you are incapable of double-clicking a downloaded file to open it yourself then you shouldn't be using a computer. If you are stupid enough to double-click something in your Downloads folder that you didn't download yourself, then you shouldn't be permitted to carry on living in a Darwin Award type of way.

  6. Muscleguy
    Thumb Down

    Any chance of

    some evidence of working exploits in the wild taking advantage of this vulnerability? After all if it has been known about for over 6 months that's plenty of time for one or more, so where are they? Your tut tutting at Apple's tardiness would carry more weight if there was a real risk, without exploits the risk is only theoretical and the continuing lack of exploits on the platform would indicate that Apple is right in not choosing to rush these things.

  7. Andrew Downes

    No update for 10.5.6!

    10.5.7 was a big download and I hadn't got around to it yet. Shocked to find the fix wasn't offered at 10.5.6 so needless to say I have now done both.

    I'd echo Muscleguy's comment that if there's no exploit then the tone of your article was scaremongering. But better safe than sorry.

  8. Anonymous Coward
    Joke

    @amanfromMars 1

    Wait just a damn second here. Will the real amanfromMars please stand up?

    Oh god I hate that song and for that I am going to go swallow a gun barrel now.

    /Anon because I don't want to be associated with this comment

  9. Gilbo
    Stop

    @Muscleguy

    Analysing the outcome of 6 months of unpatched Java, in hindsight, and excusing Apple's tardiness because nothing happened doesn't make much sense, does it? You wouldn't leave your front wide open all day, every day simply because you're not aware of any burglars in the area.

    Surely it's the fact that there COULD have been exploits developed at any point over the last 6 months that's important. That's the difference between proactive and reactive security... or in Apple's case inactive.

  10. Anonymous Coward
    Alien

    Wow!

    OK I downloaded the OS update Sunday (~140 MB) and another ~ 500 MB today.... I wonder what this thing will run like after the download has fully expanded.

  11. Player_16
    Alert

    @ George Schultz

    The 'WOW' starts now!

    No not really. No difference for 10.5.7. Doing a separate download for 10.4.

  12. Martin Edwards
    Thumb Up

    @Gilbo

    Well said, good summary.

  13. Antidisestablishmentarianist
    Flame

    What's Java?

    Must be something important right? To warrant such a speedy response?

  14. KroSha

    Alternatives

    No Script protects against this, allowing only scripts & Java from specified domains to be run. It's been protecting me since this situation was outed and as a side-benefit I've had a nicer net experience, as a majority of ads get blocked as well. http://noscript.net

  15. qwertyuiop
    Alert

    @Muscleguy

    So, no need to patch unless there's an exploit? *REALLY* clever! This would be the famed Apple security would it?

    Oh, of course, I'm forgetting that the blessed Steve *KNEW* that there wouldn't be an exploit for at least six months and so it was safe to do nothing. Get real - if there's a vulnerability you patch for it, you don't wait for it to be exploited.

  16. John Molloy

    @ Qwertyuiop and others

    "So, no need to patch unless there's an exploit? *REALLY* clever! This would be the famed Apple security would it?"

    No. But the point is that it was easy enough to NOT have running which is what I did when the security alert came up. I don't have any reason to run it anyway and one would assume that those that did would be on some kind of trusted network anyway.

  17. Anonymous Coward
    Anonymous Coward

    @J 3

    Well, at least that explains why I occasionally understood one of his posts - it was actually an imposter using his name.

  18. Mudslinger
    Stop

    @KroSha

    Are you confusing Java and Javascript?

    They're about as similar as cow's milk and soya milk
