Over a million developers have joined DZone.

Critical Java Vulnerability for Mac OS X Users

DZone's Guide to

Critical Java Vulnerability for Mac OS X Users

· Java Zone ·
Free Resource

Get the Edge with a Professional Java IDE. 30-day free trial.

Intego Security has reported a critical flaw in the version of Java shipped with Mac OSX. The flaw allows local code on the user's Mac to be executed remotely, typically from malicious applets.

Apple has been aware of this vulnerability for at least five months, since it was made public, but has neglected to issue a security update to protect against this issue. Security researcher Landon Fuller has published, on his web site, a proof-of-concept Java applet that exploits this vulnerability to demonstrate how easy it is to run code remotely.

For now it seems like the best way to protect against the exploit is to switch off Java on your browser. In Safari, choose Safari > Preferences, click the Security tab, and uncheck Enable Java if it is checked. It is safe to leave Enable JavaScript activated, since this vulnerability only affects Java applets.  Soylatte users do have the option to upgrade to an OpenJDK6 release.


While no applets the exploit this vulnerability have been found yet, it will only be a matter of time given the publicity generated around the web about the flaw. Full details on the flaw are here.

Get the Java IDE that understands code & makes developing enjoyable. Level up your code with IntelliJ IDEA. Download the free trial.


Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}