Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Critical Java Vulnerability for Mac OS X Users

DZone's Guide to

Critical Java Vulnerability for Mac OS X Users

· Java Zone ·
Free Resource

Download Microservices for Java Developers: A hands-on introduction to frameworks and containers. Brought to you in partnership with Red Hat.

Intego Security has reported a critical flaw in the version of Java shipped with Mac OSX. The flaw allows local code on the user's Mac to be executed remotely, typically from malicious applets.

Apple has been aware of this vulnerability for at least five months, since it was made public, but has neglected to issue a security update to protect against this issue. Security researcher Landon Fuller has published, on his web site, a proof-of-concept Java applet that exploits this vulnerability to demonstrate how easy it is to run code remotely.

For now it seems like the best way to protect against the exploit is to switch off Java on your browser. In Safari, choose Safari > Preferences, click the Security tab, and uncheck Enable Java if it is checked. It is safe to leave Enable JavaScript activated, since this vulnerability only affects Java applets.  Soylatte users do have the option to upgrade to an OpenJDK6 release.

Intego

While no applets the exploit this vulnerability have been found yet, it will only be a matter of time given the publicity generated around the web about the flaw. Full details on the flaw are here.

Download Building Reactive Microservices in Java: Asynchronous and Event-Based Application Design. Brought to you in partnership with Red Hat

Topics:

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}