Apple issues Java security update

Apple Computer has released a Java update for Mac OS X to deal with flaws, one of which could enable malicious attackers to gain access to a system.

The Java 2 Standard Edition 5.0 Release 4 update, issued Monday, fixes a vulnerability in Java Web Start. The hole could allow a specially crafted application to bypass security restrictions and access resources on a system, potentially giving entry to an intruder. Java Web Start is a technology that loads Java applications over a network such as the Internet.

The update also patches a set of bugs in the "reflection" application programming interface, or API, parts of the Java Runtime Environment. These flaws could also allow an attacker to bypass security barriers to take control of a system.

The French Security Incident Response Team, or FrSIRT, rated the issues "critical" in an alert posted Tuesday.

The issues affect Mac OS X version 10.4.5 and the corresponding server edition of the operating system, which have Java 2 built into them. Apple advises people with this software to download and install the J2SE update.

The Java problems also have an impact on Microsoft Windows, Sun Microsystems' Solaris and Linux. In February, Sun issued an alert for the Web Start flaw and the Java Runtime Environment issues in these operating systems.

Santa Clara, Calif.-based Sun said at the time that it did not believe that the Web Start vulnerability had been exploited.

[mrpeabody3119]

So begins another MAC vs PC war

I want a clean fight.... MS fanboys - marketshare, MAC fanboys - It is the users fault (no really)

[john55440]

So begins another MAC vs PC war

&gt;MS fanboys - marketshare...<br /><br />What's a Mac?<br /><br />I thought Apple just made iPods. :-)<br /><br />I don't know if anyone other than Microsoft employees qualify as "MS fanboys". Windows users have a healthy relationship with their computers. We don't worship them. :-)

[Bob Brinkman]

in all fairness to users

They don't care what platform it is, they'll still find a way to break it you'd never even thought of. <br /><br />Raise a glass to 'em the next time you are at the bar.

[mrpeabody3119]

So begins another MAC vs PC war

I want a clean fight.... MS fanboys - marketshare, MAC fanboys - It is the users fault (no really)

[john55440]

So begins another MAC vs PC war

&gt;MS fanboys - marketshare...<br /><br />What's a Mac?<br /><br />I thought Apple just made iPods. :-)<br /><br />I don't know if anyone other than Microsoft employees qualify as "MS fanboys". Windows users have a healthy relationship with their computers. We don't worship them. :-)

[Bob Brinkman]

in all fairness to users

They don't care what platform it is, they'll still find a way to break it you'd never even thought of. <br /><br />Raise a glass to 'em the next time you are at the bar.

[shadowself]

Only one to fix?

"The Java problems also have an impact on Microsoft Windows, Sun Microsystems' Solaris and Linux."<br /><br />So is Apple the only one to have fixed this?<br />OR<br />Is Apple the last one to fix this?

[Bob Brinkman]

It looks to me like

This exploit runs on Apple's OS, Apple isn't going to patch an exploit that was designed for Sun or Microsoft and vice versa.

[aabcdefghij987654321]

Last to fix

Or latest to fix, I'm not sure everyone has their fix out yet.<br /><br />Of course this bug comes courtesy of Sun so it's hardly fair to blame anyone but them.

[shadowself]

Only one to fix?

"The Java problems also have an impact on Microsoft Windows, Sun Microsystems' Solaris and Linux."<br /><br />So is Apple the only one to have fixed this?<br />OR<br />Is Apple the last one to fix this?

[Bob Brinkman]

It looks to me like

This exploit runs on Apple's OS, Apple isn't going to patch an exploit that was designed for Sun or Microsoft and vice versa.

[aabcdefghij987654321]

Last to fix

Or latest to fix, I'm not sure everyone has their fix out yet.<br /><br />Of course this bug comes courtesy of Sun so it's hardly fair to blame anyone but them.

[Ganymede28211]

Just a suggestion...

I suggest that they add support to ad-ware and virus scanners to detect and remove any software that is deemed a total pain in the rear-end... First on the list.. JAVA.. in any variant on any OS....

[Ganymede28211]

Just a suggestion...

I suggest that they add support to ad-ware and virus scanners to detect and remove any software that is deemed a total pain in the rear-end... First on the list.. JAVA.. in any variant on any OS....

[Thomas, David]

Gee ...

I installed this update yesterday. Very interesting, that the "news" isn't "news" at all. Sort of after the fact. The point of "news" is to inform the public, or community, about something they don't know about.<br /><br />Given this was an update to the Java runtime system, that included enhancements, as well as fixes, I can't figure out the "news" angle.<br /><br />But I guess some alarmism is needed to keep as many viewers as possible.

[TMB333]

Oh my gosh, sorry!

I'm sorry that I didn't realize that the world revolves around you!<br /><br />So according to what you say, something isn't "news" if YOU'VE already heard about it. It's irrelevant to those of us that are hearing it for the first time, because as long as YOU'VE heard about it, then there's no need to tell anyone else about it.<br /><br />All hail Mr. Thomas! He is the center of the Universe!

[Thomas, David]

Gee ...

I installed this update yesterday. Very interesting, that the "news" isn't "news" at all. Sort of after the fact. The point of "news" is to inform the public, or community, about something they don't know about.<br /><br />Given this was an update to the Java runtime system, that included enhancements, as well as fixes, I can't figure out the "news" angle.<br /><br />But I guess some alarmism is needed to keep as many viewers as possible.

[TMB333]

Oh my gosh, sorry!

I'm sorry that I didn't realize that the world revolves around you!<br /><br />So according to what you say, something isn't "news" if YOU'VE already heard about it. It's irrelevant to those of us that are hearing it for the first time, because as long as YOU'VE heard about it, then there's no need to tell anyone else about it.<br /><br />All hail Mr. Thomas! He is the center of the Universe!

[J.G.]

More missing information

The article also does not make it clear that up-to-date Mac users <br />are already in 10.4.6. That should have been included since many <br />people would think from reading it that they are pass an issue the <br />article says is associated with 10.4.5.

[J.G.]

More missing information

The article also does not make it clear that up-to-date Mac users <br />are already in 10.4.6. That should have been included since many <br />people would think from reading it that they are pass an issue the <br />article says is associated with 10.4.5.