April 19, 2006 10:10 AM PDT

Apple issues Java security update

Related Stories

Apple corrects patch trouble

March 13, 2006

Mac OS X patch faces scrutiny

March 7, 2006

Sun plugs serious holes in Java

November 29, 2005

Java flaws open door to hackers

June 14, 2005
Apple Computer has released a Java update for Mac OS X to deal with flaws, one of which could enable malicious attackers to gain access to a system.

The Java 2 Standard Edition 5.0 Release 4 update, issued Monday, fixes a vulnerability in Java Web Start. The hole could allow a specially crafted application to bypass security restrictions and access resources on a system, potentially giving entry to an intruder. Java Web Start is a technology that loads Java applications over a network such as the Internet.

The update also patches a set of bugs in the "reflection" application programming interface, or API, parts of the Java Runtime Environment. These flaws could also allow an attacker to bypass security barriers to take control of a system.

The French Security Incident Response Team, or FrSIRT, rated the issues "critical" in an alert posted Tuesday.

The issues affect Mac OS X version 10.4.5 and the corresponding server edition of the operating system, which have Java 2 built into them. Apple advises people with this software to download and install the J2SE update.

The Java problems also have an impact on Microsoft Windows, Sun Microsystems' Solaris and Linux. In February, Sun issued an alert for the Web Start flaw and the Java Runtime Environment issues in these operating systems.

Santa Clara, Calif.-based Sun said at the time that it did not believe that the Web Start vulnerability had been exploited.

See more CNET content tagged:
Java, Java 2, J2SE, attacker, JRE

40 comments

Join the conversation!
Add your comment
So begins another MAC vs PC war
I want a clean fight.... MS fanboys - marketshare, MAC fanboys - It is the users fault (no really)
Posted by mrpeabody3119 (101 comments )
Reply Link Flag
So begins another MAC vs PC war
>MS fanboys - marketshare...

What's a Mac?

I thought Apple just made iPods. :-)

I don't know if anyone other than Microsoft employees qualify as "MS fanboys". Windows users have a healthy relationship with their computers. We don't worship them. :-)
Posted by john55440 (1020 comments )
Link Flag
in all fairness to users
They don't care what platform it is, they'll still find a way to break it you'd never even thought of.

Raise a glass to 'em the next time you are at the bar.
Posted by Bob Brinkman (556 comments )
Link Flag
So begins another MAC vs PC war
I want a clean fight.... MS fanboys - marketshare, MAC fanboys - It is the users fault (no really)
Posted by mrpeabody3119 (101 comments )
Reply Link Flag
So begins another MAC vs PC war
>MS fanboys - marketshare...

What's a Mac?

I thought Apple just made iPods. :-)

I don't know if anyone other than Microsoft employees qualify as "MS fanboys". Windows users have a healthy relationship with their computers. We don't worship them. :-)
Posted by john55440 (1020 comments )
Link Flag
in all fairness to users
They don't care what platform it is, they'll still find a way to break it you'd never even thought of.

Raise a glass to 'em the next time you are at the bar.
Posted by Bob Brinkman (556 comments )
Link Flag
Only one to fix?
"The Java problems also have an impact on Microsoft Windows, Sun Microsystems' Solaris and Linux."

So is Apple the only one to have fixed this?
OR
Is Apple the last one to fix this?
Posted by shadowself (202 comments )
Reply Link Flag
It looks to me like
This exploit runs on Apple's OS, Apple isn't going to patch an exploit that was designed for Sun or Microsoft and vice versa.
Posted by Bob Brinkman (556 comments )
Link Flag
Last to fix
Or latest to fix, I'm not sure everyone has their fix out yet.

Of course this bug comes courtesy of Sun so it's hardly fair to blame anyone but them.
Posted by aabcdefghij987654321 (1721 comments )
Link Flag
Only one to fix?
"The Java problems also have an impact on Microsoft Windows, Sun Microsystems' Solaris and Linux."

So is Apple the only one to have fixed this?
OR
Is Apple the last one to fix this?
Posted by shadowself (202 comments )
Reply Link Flag
It looks to me like
This exploit runs on Apple's OS, Apple isn't going to patch an exploit that was designed for Sun or Microsoft and vice versa.
Posted by Bob Brinkman (556 comments )
Link Flag
Last to fix
Or latest to fix, I'm not sure everyone has their fix out yet.

Of course this bug comes courtesy of Sun so it's hardly fair to blame anyone but them.
Posted by aabcdefghij987654321 (1721 comments )
Link Flag
Just a suggestion...
I suggest that they add support to ad-ware and virus scanners to detect and remove any software that is deemed a total pain in the rear-end... First on the list.. JAVA.. in any variant on any OS....
Posted by Ganymede28211 (179 comments )
Reply Link Flag
Just a suggestion...
I suggest that they add support to ad-ware and virus scanners to detect and remove any software that is deemed a total pain in the rear-end... First on the list.. JAVA.. in any variant on any OS....
Posted by Ganymede28211 (179 comments )
Reply Link Flag
Gee ...
I installed this update yesterday. Very interesting, that the "news" isn't "news" at all. Sort of after the fact. The point of "news" is to inform the public, or community, about something they don't know about.

Given this was an update to the Java runtime system, that included enhancements, as well as fixes, I can't figure out the "news" angle.

But I guess some alarmism is needed to keep as many viewers as possible.
Posted by Thomas, David (1947 comments )
Reply Link Flag
Oh my gosh, sorry!
I'm sorry that I didn't realize that the world revolves around you!

So according to what you say, something isn't "news" if YOU'VE already heard about it. It's irrelevant to those of us that are hearing it for the first time, because as long as YOU'VE heard about it, then there's no need to tell anyone else about it.

All hail Mr. Thomas! He is the center of the Universe!
Posted by TMB333 (115 comments )
Link Flag
Gee ...
I installed this update yesterday. Very interesting, that the "news" isn't "news" at all. Sort of after the fact. The point of "news" is to inform the public, or community, about something they don't know about.

Given this was an update to the Java runtime system, that included enhancements, as well as fixes, I can't figure out the "news" angle.

But I guess some alarmism is needed to keep as many viewers as possible.
Posted by Thomas, David (1947 comments )
Reply Link Flag
Oh my gosh, sorry!
I'm sorry that I didn't realize that the world revolves around you!

So according to what you say, something isn't "news" if YOU'VE already heard about it. It's irrelevant to those of us that are hearing it for the first time, because as long as YOU'VE heard about it, then there's no need to tell anyone else about it.

All hail Mr. Thomas! He is the center of the Universe!
Posted by TMB333 (115 comments )
Link Flag
More missing information
The article also does not make it clear that up-to-date Mac users
are already in 10.4.6. That should have been included since many
people would think from reading it that they are pass an issue the
article says is associated with 10.4.5.
Posted by J.G. (837 comments )
Reply Link Flag
More missing information
The article also does not make it clear that up-to-date Mac users
are already in 10.4.6. That should have been included since many
people would think from reading it that they are pass an issue the
article says is associated with 10.4.5.
Posted by J.G. (837 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.