Updated 12:30 p.m. PDT with Apple comment
Macintosh security consulting firm SecureMac.com on Tuesday issued a critical warning for what it says is an unpatched Java security vulnerability in Apple's Mac OS X.
According to the man credited with discovering it, Landon Fuller, the Java flaw even affects the latest version of Mac OS X, 10.5.7, released just a week ago. Fuller has gone so far as to release a proof of concept for the security hole.
The vulnerability could be used to perform what SecureMac refers to as "drive-by-downloads," or the ability to infect a computer by simply visiting a Web page. Fuller explains that the flaw allows malicious code to run commands with the permissions of the current user.
In a post on his Web site, Fuller clearly seems upset and mystified that the vulnerability remains unpatched in the latest versions of the operating system.
"Unfortunately, it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated," Fuller said on his site. "Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release my own proof of concept to demonstrate the issue."
"We are aware of the issue and we are working on a fix," Apple spokeswoman Monica Sarkar said. She could not give a time frame for the fix and declined to comment further.
Fuller's demonstration runs on "fully patched" Intel and PowerPC Macs.
The only workaround for the vulnerability is to disable the use of Java applets in your Web browsers and turn off the preference to "Open safe files after downloading" in Safari, he said.
Google's latest version of Chrome has claimed the lead in my JavaScript speed tests, but Apple's new Safari 4 beta is the first browser to challenge it on Google's own performance benchmark.
JavaScript is a programming language that powers not just innumerable ordinary Web sites, but also many Web-based applications such as Google Docs. With the computing industry's major push to cloud computing, Web application performance is increasingly important, and there's a race on to see who's got the best JavaScript engine. JavaScript engines even have become a named feature, with Chrome's V8, Firefox's TraceMonkey, Opera's Futhark and upcoming Carakan, and now the Safari's newly branded Nitro, which is Apple's version of WebKit's Squirrelfish.
On the SunSpider test, the new Safari 4 beta scored third place.
(Credit: Stephen Shankland/CNET News)
With Safari 3, I admired Apple's chutzpah for bringing its browser to Windows. With the new Safari 4 beta, I'm actually starting to admire the browser, too.
A big user interface overhaul makes Safari look polished rather than clunky on Windows, builds in better search abilities, and makes good use of the fact that people often visit the same sites over and over.
However, the lack of something like the extensions architecture that Firefox pioneered still means Safari 4 (download for Windows and Mac OS X) is better only than Safari 3, not the competition.
... Read more
Just about every browser out there now is trying to grab the crown for fastest performance for running JavaScript, the programming language that powers many increasingly sophisticated Web-based applications. The latest development is from the programmers behind Apple's Safari.
Mozilla bragged earlier this month about TraceMonkey, a new JavaScript engine due to ship in Firefox 3.1 near the end of 2008. Next came Google's Chrome, a leading feature of which is the performance of its V8 JavaScript engine. Now the WebKit programmers, whose open-source code is used in Apple's Safari browser and the Konqueror browser of the KDE interface software sometimes used on Linux systems, have a new version of their JavaScript technology.
It's called Squirrelfish Extreme, and the WebKit programmers said Thursday in a blog posting that it's more than twice as fast as the first-generation Squirrelfish announced in June and more than three times faster than the current WebKit 3.1 version. They based their conclusions on one benchmark, SunSpider.
"SquirrelFish Extreme uses more advanced techniques, including fast native code generation, to deliver even more JavaScript performance," the programmers said.
For details of Squirrelfish's techniques--bytecode optimization, a polymorphic inline cache, a context-threaded just-in-time compiler, and a regular expression just-in-time compiler--check the WebKit blog.
Charles Ying also performed SunSpider tests that showed Squirrelfish beating Google's V8 and Mozilla's Tracemonkey on a 2.4GHz iMac.
WebKit's SquirrelFish Extreme is faster than its three-month-old predecessor on the SunSpider JavaScript benchmark.
(Credit: WebKit)Sony Ericsson wants mobile software developers to have the best of both worlds.
Next week at JavaOne, the company plans to demonstrate its Project Capuchin, which will allow software developers to create applications for mobile phones that can use pieces of both Java ME and Adobe Systems' Flash Lite to create their applications. The company plans to release a set of APIs (application programming interfaces) and a software development kit in the second half of this year to bring the two different mobile development styles together.
For example, Java developers could decide to use the richer user interface technology found in Flash Lite, said Ulf Wretling, general manager, head of developer program and communications for Sony Ericsson. Or maybe a developer wants to use Java's three-dimensional graphics for a mobile game but would prefer to use Flash Lite for menus, he said.
The problem with this kind of project is that while it creates a "bridge" between the two technologies, as Wretling put it, it also pulls developers away from the current road map for both Java and Flash Lite. The difference here is that developers will still be able to create regular Java or Flash applications using this set of APIs, just mixing and matching technology from the other camp as needed.
This technology will be used on the mass-market mobile phone, not the smartphone category with more sophisticated operating systems. Sony Ericsson phones will arrive in the second half of the year with this technology, but the company plans to release the software development kit before the phones arrive.
- prev
- 1
- next
