unpatched Java exploit

Posted:
in macOS edited January 2014
Anyone been rooted by this Java exploit?

Seems like MacOS X is the only platform without an official fix.

Comments

  • Reply 1 of 6
    Quote:
    Originally Posted by Timmmy View Post


    Anyone been rooted by this Java exploit?



    Then again you might not know it if you were
  • Reply 2 of 6
    To be honest, Java doesn't affect regular desktop users that much. So little in fact, I've disabled Java on my Firefox, so that the annoying disk-thrashing that is a java applet, doesn't slow my browsing on occasion.



    That said, I fully expect Apple to patch this, right quick. And maybe update Java as well.
  • Reply 3 of 6
    mr. memr. me Posts: 3,221member
    Quote:
    Originally Posted by Timmmy View Post


    ...

    Seems like MacOS X is the only platform without an official fix.



    You linked to an August 2007 post. Since then, Apple posted at least one new version of MacOS X 10.4, MacOS X 10.4.10, and a new version of its OS, MacOS X 10.5. That said, the most recent components of my fully updated set of my MacOS X 10.4.10 Java frameworks are at version 5.3.2 dated February 15, 2007. I have no idea whether or not it is subject to the exploit mentioned in the August post.
  • Reply 4 of 6
    Fully patched 10.4.11 PPC (Build 8S165) is vulnerable to this remote exploit!
  • Reply 5 of 6
    timmmytimmmy Posts: 68member
    More critical Java vulnerabilities!

    Sun has issued updates for their products, but since Apple maintains it's own Java releases Mac users are still left vulnerable at this point...

    http://www.frsirt.com/english/advisories/2008/0770
  • Reply 6 of 6
    hirohiro Posts: 2,663member
    Quote:
    Originally Posted by Timmmy View Post


    More critical Java vulnerabilities!

    Sun has issued updates for their products, but since Apple maintains it's own Java releases Mac users are still left vulnerable at this point...

    http://www.frsirt.com/english/advisories/2008/0770



    Actually it is unknown.



    The vulnerabilities don't even say which Sun JVM they apply to - a bit sloppy and imprecise. The specific issues noted are possible to be platform build specific and Sun's Linux/Windows JVMs do not automatically have all the same vulnerabilities. I'm sure somebody is trying these same new vulnerabilities against the Apple JVMs in hopes of getting to publish more vulnerabilities on the cheap. Until that happens though we don't know for sure.
Sign In or Register to comment.