Apple fixes 18 flaws in Tiger's Java
Sun patched some of the bugs nearly a year ago; Apple only now issues a fix
Apple's newest operating system, dubbed Leopard, does not need to be patched because it includes the updated Java components.
According to the accompanying advisory, Tiger's Java, Java 1.4 and Java 2 Standard Edition 5.0 contain flaws that in some cases could lead to what Apple called "arbitrary code execution," which means that attackers may be able to insert their own malware during an exploit and/or gain complete control of the machine. Unlike rivals such as Microsoft Corp., Apple does not rank or rate its security updates to give users an idea of the severity of the bugs.
Among the 18 vulnerabilities is one discovered by 3com Corp.'s TippingPoint unit in June 2006 and another reported to Sun in October 2006 by a member of Google Inc.'s security team. TippingPoint's flaw was fixed in January 2007, and the Google-reported bug was patched by Sun in May 2007. In both instances, updates were made available at the time for the Java components used by Windows, Linux and Solaris. But because Apple crafts the Java runtime for Mac OS X, its users were left unprotected an additional 11 and seven months, respectively.
However, no exploits using either bug were reported during that time.
The 80MB update, dubbed "Java for Mac OS X 10.4, Release 6," was not marked as a security update on Apple's download site, nor were the vulnerabilities or their patches mentioned in the description that appeared when users received notice by Mac OS X's Software Update tool. The phrasing Apple used said only that Release 6 improves "reliability and compatibility" for Java.
Read more about Security in Computerworld's Security Topic Center.
- EndPoint Interactive eGuide In this eGuide, Network World, Computerworld, and CIO examine two endpoint trends - BYOD and collaboration - and offer tips and advice on...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!