Java Vulnerability on Mac OS X

ByMike Moffit

Word is spreading that there’s a critical security vulnerability in Java on Mac OS X. Actually, it’s a couple of vulnerabilities that can be taken advantage of to run commands outside of the browser as the user that launched the browser. The truth is that it’s been known about since at least August of last year and Sun, the makers of Java, fixed it long ago, but those fixes haven’t made it into Mac OS X yet, not even the 10.5.7 update.

So, what’s a Mac User to do? There’s no known use of exploit beyond the proof-of-concept examples, but the triage is pretty simple:

1. Turn off ‘Open “safe” files after downloading’ in Safari -> Preferences -> General
2. Turn off Java in Safari -> Preferences -> Security and any other browsers you use

This will prevent malicious Java code on a web page or downloaded from running automatically. There’s no reason to panic and JavaScript will still function normally, but it’s better to be on the safe side if you’re not regularly visiting web sites requiring Java.

If you’re technically inclined, you may be interested in the detailed explanation of the vulnerabilities.

[Via Daring Fireball]

Similar Posts

  • The end of ATA/IDE Hard Drives?

    By Jon, jon@smalldog.com (written by Jon, posted by Ed) Seagate has stopped production of ATA/IDE hard drives now that the vast majority of…

  • Google Announces Chrome OS

    It’s shaping up to be a Google news-filled week, as Google announced this morning that they will expand their offerings to include an…

  • Mac Pilot

    For those of you who like to customize your working environment then Mac Pilot is something you really want to have a look…

  • iStat Pro Widget

    Are you feeling geeky? Wanna know exactly how much of your CPU you’re using or about how much memory is being used up?…