Thursday, May 21, 2009
Apple Has Yet to Fix Java VM Vulnerability
Posted by Jeff Campbell in "Apple Software (OS X)" @ 10:00 AM
"A vulnerability in the Java virtual machine, which can allow arbitrary code execution, was publicly disclosed and fixed by Sun last December. However, security experts warn that the JVM in Mac OS X still remains un-patched against the vulnerability."
I don't know a lot about this particular hole, but what could happen if it isn't fixed, is that by visiting any website that has a "specially crafted" Java applet you open yourself up to trouble. This could mess up your machine, regardless of the platform or browser. So the only way to avoid potential exploits is to disable java in your browser, and to be extra careful, they say it wouldn't be a bad idea to disable the "open safe files after downloading" option in Safari. If you cant trust the code 100 percent (which I surmise means that you need to stay away from porn sites and be extra careful with clicking on those tiny urls) then either use the safeguards or avoid the site.
