Apple's Latest Java Update Addresses Flashback Malware

Apple can't be too happy about the news that the Flashback malware hit over half a million Mac users; on a percentage basis, that's pretty extreme. But now, hopefully, the past can be the past. A new update in OS X Software Update patches Java and, on Lion machines, stops the program from automatically executing Java applets. Users can still override the new default, and this security patch also "removes the most common variants of the Flashback malware." If you've been dealing with the issue, or are just being cautious about catching it, this is an update you shouldn't skip.


Hopefully Apple now realizes that if they're going to distribute 3rd party software with their OS, they have to push their partner's critical security patches ASAP. Sitting on them for six weeks just because there was no known exploit is unacceptable.

The other OS guys didn't get bit on this because they simply had no part in it: Microsoft doesn't pre-install or support Java, and Oracle puts that annoying (but apparently necessary) update app in the system tray of people who do install it. Meanwhile, the majority of Linux users use the unaffected OpenJRE flavor of Java instead due to the licensing terms for redistribution - Canonical had even announced they were removing the Sun-JDK from the Ubuntu repos in January and encouraged anyone who had installed it to migrate to OpenJDK before they deleted the packages in mid-February.

At any rate, everyone will be on OpenJRE soon (which hopefully means they'll make it work better with Minecraft). There will be a release (JDK only, not JRE) in a couple of weeks, and the OSX version will be available at the same time as the other OS's (for the first time, I read).


Yes, hopefully this will get Apple to take their heads out of the sand, and have a more proactive stance toward malware, and stop living in denial.


Back late last year, Apple announced they were handing their integration components over to Oracle to support - so it should all be built in to the new OpenJRE releases and Apple will release their patches the same day as everyone else. I'm sure this embarrassment will help them push that process along.


Or, if you don't need Java, don't install it in the first place. I'd say 90% of the Internet doesn't need it. The latest Mac malware exploits a bug in Microsoft Word patched in 2009. http://www.zdnet.com/blog/security/new-version-of-mac-os-x-trojan-exploits-word-not-java/11566?tag=mantle_skin;content

 
