Apple's Latest Java Update Addresses Flashback Malware

rated by 0 users
This post has 4 Replies | 0 Followers

Top 10 Contributor
Posts 24,877
Points 1,116,660
Joined: Sep 2007
ForumsAdministrator
News Posted: Fri, Apr 13 2012 9:26 AM
Apple can't be too happy about having that Flashback malware news hit over half a million Mac users, and on a percentage basis, that's pretty extreme. But now, hopefully, the past can be the past. A new update in OS X Software Update patches Java, enabling the program (on Lion machines) to stop automatically executing Java applets. Users can still override the new default, and of course, this security patch "removes the most common variants of the Flashback malware." If you've been dealing with the issue, or just cautious not to get it, this update looks like one you shouldn't avoid.

  • | Post Points: 35
Top 10 Contributor
Posts 5,048
Points 60,675
Joined: May 2008
Location: U.S.
Moderator
3vi1 replied on Sat, Apr 14 2012 10:36 AM

Hopefully Apple now realizes that if they're going to distribute 3rd party software with their OS, they have to push their partner's critical security patches ASAP. Sitting on them for six weeks just because there was no known exploit is unacceptable.

The other OS guys didn't get bit on this because they simply had no part in it: Microsoft doesn't pre-install or support Java, and Oracle puts that annoying (but apparently necessary) update app in the system tray of people who do install it. Meanwhile, the majority of Linux users use the unaffected OpenJRE flavor of Java instead due to the licensing terms for redistribution - Canonical had even announced they were removing the Sun-JDK from the Ubuntu repos in January and encouraged anyone who had installed it to migrate to OpenJDK before they deleted the packages in mid-February.

At any rate, everyone will be on OpenJRE soon (which hopefully means they'll make it work better with Minecraft ). There will be a release (JDK only, not JRE) in a couple of weeks, and the OSX version will be available at the same time as the other OS's (for the first time, I read).

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.

  • | Post Points: 20
Top 100 Contributor
Posts 1,071
Points 10,850
Joined: Jun 2010
Location: Pennsylvania
CDeeter replied on Sat, Apr 14 2012 10:43 AM

Yes, hope fully this will get Apple to take their heads out of the sand, and have a more proactive stance toward malware, and stop living in denial.

  • | Post Points: 20
Top 10 Contributor
Posts 5,048
Points 60,675
Joined: May 2008
Location: U.S.
Moderator
3vi1 replied on Sat, Apr 14 2012 10:53 AM

Back late last year, Apple announced they were handing their integration components over to Oracle to support - so it should all be built in to the new OpenJRE releases and Apple will release their patches the same day as everyone else. I'm sure this embarassment will help them push that process along.

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.

  • | Post Points: 5
Top 50 Contributor
Posts 2,861
Points 24,255
Joined: Jul 2001
Location: United States, New York
digitaldd replied on Tue, Apr 17 2012 9:16 AM

or if you don't need Java don't install it in the first place. I'd say 90% of the Internet doesn't need it. The latest mac malware exploits a bug in Microsoft Word patched in 2009. http://www.zdnet.com/blog/security/new-version-of-mac-os-x-trojan-exploits-word-not-java/11566?tag=mantle_skin;content

 

  • | Post Points: 5
Page 1 of 1 (5 items) | RSS