Security Market Segment LS
×

Warning

JUser: :_load: Unable to load user with ID: 66
×

Message

Failed loading XML... Document is empty
Tuesday, 16 June 2009 08:19

Apple's tardy Java update arrives

By
Apple has finally got around to updating the Mac OS X version of Java, fixing a worrying vulnerability that's been lingering for months.
Late last year, Sun addressed a vulnerability in Java that allowed applets in web pages to escape the Java sandbox and ultimately run with whatever privileges an attacker wants.

When Mac OS X 10.5.7 arrived last month without a corresponding update, Julien Tinnes, a colleague of the original discoverer went public on the issue.

The vulnerability was especially significant as a reliable exploit could be written in Java to work on any hardware, operating system or browser. "This is close to the holy grail of client-side vulnerabilities," said Tinnes.

Now Apple has released Java for Mac OS X 10.5 Update 4 and Java for Mac OS X 10.4 Update 9 which address this and other vulnerabilities. A substantial proportion of the issues have been known since 2008.

The updater for 10.4 addresses 52 vulnerabilities, 28 in Java 1.5 and 24 in Java 1.4. It updates to Java 1.5.0_19 and 1.4.2_21.

The 10.5 updater addresses an overlapping set of 53 vulnerabilities in Java 1.4 and 1.5, 28 in Java 1.6, plus another set that are specific to Java 1.5 on Mac OS X 10.5.

That last group relates to Aqua Look and Feel for Java, and may allow an applet to gain elevated privileges. The fix works by denying access to internal details of Aqua Look and Feel by untrusted applets.

Apple's Java Preferences utility allows a user to specify which of the installed Java Virtual Machines will be loaded. This allows the use of applets and applications that require an older JVM.

Read 3803 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here




EXL AI IN ACTION VIRTUAL EVENT 20 MARCH 2025

Industry leaders are looking to transform their businesses and achieve measurable outcomes with AI.

As organisations across APAC navigate the complexities of AI adoption, this must-attend event brings together industry leaders, real-world demonstrations, and visionary panel discussions to bridge the gap between proof-of-concepts and enterprise-wide AI implementation.

Learn how to overcome common challenges in deploying AI at scale.​

Unlock cost savings, efficiency, and better customer experiences with AI.

Discover how industry expertise and data intelligence enable practical AI deployment.

Register for the event now!

REGISTER!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Published in Security
Tagged under
Stephen Withers

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

Latest from Stephen Withers

Related items

More in this category: « Slow now, better times ahead for APAC network security market NZ banks looking for competitive advantage with technology »
Share News tips for the iTWire Journalists? Your tip will be anonymous
back to top

Subscribe to Newsletter

*  Enter the security code shown: img0

WEBINARS & EVENTS

CYBERSECURITY

PEOPLE MOVES

GUEST ARTICLES

Guest Opinion

ITWIRETV & INTERVIEWS

RESEARCH & CASE STUDIES

Channel News

Comments