To be honest, Java doesn't affect regular desktop users that much. So little in fact, I've disabled Java on my Firefox, so that the annoying disk-thrashing that is a java applet, doesn't slow my browsing on occasion.
That said, I fully expect Apple to patch this, right quick. And maybe update Java as well.
Seems like MacOS X is the only platform without an official fix.
You linked to an August 2007 post. Since then, Apple posted at least one new version of MacOS X 10.4, MacOS X 10.4.10, and a new version of its OS, MacOS X 10.5. That said, the most recent components of my fully updated set of my MacOS X 10.4.10 Java frameworks are at version 5.3.2 dated February 15, 2007. I have no idea whether or not it is subject to the exploit mentioned in the August post.
The vulnerabilities don't even say which Sun JVM they apply to - a bit sloppy and imprecise. The specific issues noted are possible to be platform build specific and Sun's Linux/Windows JVMs do not automatically have all the same vulnerabilities. I'm sure somebody is trying these same new vulnerabilities against the Apple JVMs in hopes of getting to publish more vulnerabilities on the cheap. Until that happens though we don't know for sure.
Comments
Anyone been rooted by this Java exploit?
Then again you might not know it if you were
That said, I fully expect Apple to patch this, right quick. And maybe update Java as well.
...
Seems like MacOS X is the only platform without an official fix.
You linked to an August 2007 post. Since then, Apple posted at least one new version of MacOS X 10.4, MacOS X 10.4.10, and a new version of its OS, MacOS X 10.5. That said, the most recent components of my fully updated set of my MacOS X 10.4.10 Java frameworks are at version 5.3.2 dated February 15, 2007. I have no idea whether or not it is subject to the exploit mentioned in the August post.
Sun has issued updates for their products, but since Apple maintains it's own Java releases Mac users are still left vulnerable at this point...
http://www.frsirt.com/english/advisories/2008/0770
More critical Java vulnerabilities!
Sun has issued updates for their products, but since Apple maintains it's own Java releases Mac users are still left vulnerable at this point...
http://www.frsirt.com/english/advisories/2008/0770
Actually it is unknown.
The vulnerabilities don't even say which Sun JVM they apply to - a bit sloppy and imprecise. The specific issues noted are possible to be platform build specific and Sun's Linux/Windows JVMs do not automatically have all the same vulnerabilities. I'm sure somebody is trying these same new vulnerabilities against the Apple JVMs in hopes of getting to publish more vulnerabilities on the cheap. Until that happens though we don't know for sure.