Subscription Center
Jun 16, 2009 04:26 PM | 4
Six months after the discovery of a security flaw in Apple's implementation of Java software in some versions of the Mac OS X operating system, the company is releasing a fix.
The software flaw could allow a hacker to install and execute malicious software (malware) on Macs running Leopard and some Tiger operating systems. Once onboard the Macs, the malware could be used to steal information from the computers.
Security researchers claim that Apple has been ignoring their warnings about this problem for months. Five months ago the Java vulnerabilities were publicly disclosed, and fixed by Sun Microsystems (the company that developed and maintains Java), according to a May blog post by Landon Fuller, founder of software maker Plausible Labs Cooperative, Inc. in San Francisco and a former Apple programmer. Fuller also published a proof-of-concept hack on his Web site demonstrating how someone could exploit the vulnerability to attack or even take control of another person's Mac, Computer Reseller News (CRN) reports.
Intego, an Austin, Texas, -based maker of Mac security software, last month also issued a warning for Mac users to disable Java in their Web browsers until Apple got around to fixing the Java vulnerability, reports InformationWeek. The flaw in Java, a programming language Sun introduced in 1995 to allow the same software to run on many different computer platforms, could allow Mac users to be attacked simply by visiting a Web site containing malware designed to exploit the flaw (also known as "drive-by" attacks). Hackers writing such malware could then access or delete files on the vulnerable Mac, according to Intego.
While Washington Post computer security reporter Brian Krebs writes that Apple has a history of patching Java flaws on average about six months after Sun has fixed them, Apple is far from the only big software company known to drag its feet when fixing problems with its products. Microsoft, Oracle, Cisco and others have been known to take a reactive (rather than proactive) approach toward disclosing and fixing security flaws in their software, sometimes prompting security experts to (as Fuller did) write and publish blueprints for exploiting those flaws.
One of the most infamous examples of this came at the Black Hat security conference in July 2005 when then-24-year-old security expert Michael Lynn gave a presentation demonstrating how to take control of Cisco network routers thanks to a security hole in Cisco's software. When Cisco got wind of what Lynn was doing at the conference, the company demanded that Black Hat remove Lynn's presentation from its conference handouts and got a court order to prevent Lynn from ever giving his presentation again. Cisco claimed that it had already issued a patch for the problem in April 2005, but Lynn countered that Cisco underplayed to customers the seriousness of the security problem, so many had not bothered to install it.
Image ©iStockphoto.com/ Robert Koopmans
Tags:
security,
Mac OS X,
Microsoft,
Apple,
Oracle,
Cisco,
Michael Lynn,
malware
More News Blog:
Next: Snakes rattle war-torn Iraq
Previous: Government report says snowmobiling, maple syrup, and lobster fishing are being hurt by climate change
See what we're tweeting about
Dhunterauthor Call Me Crazy, But... http://t.co/GK8hD9o8Hp
JenLucPiquant Patent for a Jerkmeter: "If you study jerks in a formal way, you are probably familiar with jerkmeters." http://t.co/wwE8sTCTGG
DrJudyStone Impressive story: How Jeannette Walls Spins Good Stories Out of Bad Memories http://t.co/22Dg2QWggZ
Deadline: Aug 31 2013
Reward: $100,000 USD
The Geoffrey Beene Foundation Alzheimer’s Initiative (GBFAI) is launching the 2013 Geoffrey Beene Global NeuroDiscovery Challenge whose
Deadline: Jul 15 2013
Reward: $5,000 USD
SciBX: Science-Business eXchange, a joint publication from the makers
Powered By: 
YES! Send me a free issue of Scientific American with no obligation to continue the subscription. If I like it, I will be billed for the one-year subscription.
4 Comments
Add CommentIf MS did this they would be excoriated in the media.
Reply | Report Abuse | Link to this@ candide: the rotten apple pic is not excoriation?
Reply | Report Abuse | Link to thisThe rotten apple pic is not excoriation. A bunch of journalists use Mac and that's probably why media coverage on this was less than it would have been expected since it took them SIX months to roll out a fix. I'll say, Mac does know how to take advantage of tv commercials about PC's vulnerablilties though... but they are in the same boat. As more people adopt Mac, more exploits will be found. My two cents.
Reply | Report Abuse | Link to this@jrlopezp: Fair enough. Apple in question still has core, therefore NOT excored.
Reply | Report Abuse | Link to this