Java Vulnerability on Mac OS X

Word is spreading that there’s a critical security vulnerability in Java on Mac OS X. Actually, it’s a couple of vulnerabilities that can be exploited to run commands outside of the browser, with the privileges of the user who launched the browser. The truth is that they’ve been known about since at least August of last year, and Sun, the makers of Java, fixed them long ago, but those fixes haven’t made it into Mac OS X yet, not even in the 10.5.7 update.

So, what’s a Mac user to do? There’s no known use of the exploit beyond the proof-of-concept examples, but the triage is pretty simple:

1. Turn off ‘Open “safe” files after downloading’ in Safari -> Preferences -> General
2. Turn off Java in Safari -> Preferences -> Security, and in any other browsers you use

This will prevent malicious Java code, whether on a web page or in a downloaded file, from running automatically. There’s no reason to panic, and JavaScript will still function normally, but it’s better to be on the safe side if you’re not regularly visiting web sites that require Java.

If you’re technically inclined, you may be interested in the detailed explanation of the vulnerabilities.

[Via Daring Fireball]
