Java Vulnerability on Mac OS X

Word is spreading that there’s a critical security vulnerability in Java on Mac OS X. Actually, it’s a couple of vulnerabilities that can be taken advantage of to run commands outside of the browser as the user that launched the browser. The truth is that it’s been known about since at least August of last year and Sun, the makers of Java, fixed it long ago, but those fixes haven’t made it into Mac OS X yet, not even the 10.5.7 update.

So, what’s a Mac user to do? There’s no known use of the exploit beyond the proof-of-concept examples, but the triage is pretty simple:

1. Turn off ‘Open “safe” files after downloading’ in Safari -> Preferences -> General
2. Turn off Java in Safari -> Preferences -> Security and any other browsers you use

This will prevent malicious Java code, whether on a web page or downloaded, from running automatically. There’s no reason to panic and JavaScript will still function normally, but it’s better to be on the safe side if you’re not regularly visiting web sites requiring Java.

If you’re technically inclined, you may be interested in the detailed explanation of the vulnerabilities.

[Via Daring Fireball]
