Apple releases Mac patch for major java vulnerability, fixes 32 issues

Contrary to the usual beliefs that my Mac is fully secure, we have reported again and again that it isn’t exactly the same unless you are one of those self -assured types with eyes closed. The reason Mac community hasn’t been affected is because of the strange aloofness of Black Hat groupies to exploit its vulnerabilities rather than pampering it. Anyway, just to prove my point that Apple never was too concerned about patching the security loopholes, they have at last fixed a potentially very harmful Java hole after almost 11 months of being addressed by Sun Microsystems. Sun warned the world of flaws in its Java virtual machine that make it easy for attackers to execute malware on users’ Macs, PCs, and Linux boxes and they had fixed it for Windows and Linux at least 6 months before. So, Apple did it after the tech world knew, got worried, fixed and forgot about it.

The Flaw

The flaw, was originally found by Sami Koivu, who reported it to Sun Microsystems on August 1st 2008.  The vulnerability also affected OpenJDK, GIJ, icedtea and Sun’s JRE, which share the same core classes with Apple’s Java SE and J2SE.  A patch was issued by Sun on December 3rd 2008, with most of these distributions quickly incorporated it.

as dailytech reports.

The Solution

You can download the patches from here

• Java for Mac OS X 10.4, Release 9
• Java for Mac OS X 10.5 Update 4

Previous Experiences of Apple being negligible with security issues

It isn’t the first time that Apple has been negligible with security issues.

Last month, a security researcher angered by the delays posted attack code that exploited one of the unfixed bugs. The vulnerability exploited by Landon Fuller, a San Francisco-based researcher, was one of the many that Sun fixed Dec. 3, 2008, but that Apple only got around to patching yesterday.

And then in last August, security researchers said Apple didn’t move fast enough to fix the DNS flaw identified by Dan Kaminsky.

“Apple has been aware of this vulnerability for at least five months, since it was made public, but has neglected to issue a security update to protect against this issue,” Intego, a Mac security software maker said in a security advisory last month.