Apple Patches Java, OS X and Safari 3 Flaws
Apple pushed out a bushel of patches late last week to fix at least 18 security vulnerabilities in its implementation of Java for Mac users. Then on Monday, the company issued a large update that plugged at least 40 security holes in different versions of its OS X operating system. Another standalone patch eliminates a single security flaw in Safari 3 Beta for Windows.
The Java update applies to Mac systems running OS X 10.4 (Tiger) and earlier versions. Apple says none of the vulnerabilities patched in the Java roll-up are present in OS X 10.5 (Leopard). However, a fair number of the fixes in the patch batch for OS X also apply to Leopard.
Some of the security vulnerabilities included in the 80 megabyte Java package were fixed by Java maker Sun Microsystems nearly a year ago. For Apple users, these are not trivial flaws: Apple says some of the holes could be used to add or remove items from a user's Keychain (which manages passwords on the Mac) without prompting the user. A slew of other vulnerabilities could be used to plant executable programs on Mac systems.
Yet, as a number of other bloggers have already pointed out, for whatever reason Apple's Software Update program fails to alert users that the Java update includes a large number of important security updates.
Posted by: antibozo | December 18, 2007 3:13 PM | Report abuse
Posted by: Chuck | December 18, 2007 11:01 PM | Report abuse
Posted by: James | December 19, 2007 8:29 AM | Report abuse
Posted by: Nick | December 19, 2007 12:26 PM | Report abuse
Posted by: TJ | December 19, 2007 1:35 PM | Report abuse
Posted by: CL | December 19, 2007 7:20 PM | Report abuse
Posted by: Sigh | December 20, 2007 7:58 AM | Report abuse
Posted by: MOH | December 24, 2007 2:39 PM | Report abuse
The comments to this entry are closed.