Monday, May 25, 2009

Mac OS X Java Security Hole

Even though this came out last week, there still hasn't been anything done.

Mac OS X Java security hole exposed: "As Landon Fuller has pointed out, a potentially nasty Java exploit remains unpatched in Mac OS X, including last week's OS X 10.5.7 update. Essentially, this exploit can allow malicious code to run outside of the confines of Java, and run arbitrary commands with whatever user permissions the logged in user has. So just by visiting a website, you could be allowing malicious software access to running commands on your system. Not cool. Not cool at all."

Fuller wrote: "Mac OS X users should disable Java applets in their browsers and disable 'Open "safe" files after downloading' in Safari."

Over a dozen years after Java promised browser security with sandboxing, we still can't get it right.

Update: I think this finally got fixed today, July 15th, 2009.
