Apple Patches Vulnerability in Java

Sue Marquette Poremba

Fans of the Apple OS aren't going to like hearing this, I'm sure, but I've been seeing a slow but steady creep of emails alerting me to a new vulnerability or potential for attack.


The latest is a drive-by attack exploiting a vulnerability in Java, targeting computers that use the Mac operating system. According to MSNBC:

Monday, the Finnish security firm F-Secure reported that the Mac Flashback Trojan, which has been steadily evolving since September, now exploits a flaw in the Java engine that many websites use to host games and other applets.

The flaw was first discovered in January and was patched by Windows in February. The Apple patch has just been released, according to CNET. That's the good news, and it is recommended that anyone who runs the Mac OS and uses Java download the patch immediately. (Better yet, most security experts will advise you to stop using Java altogether, but that's a different story for a different day.)


Now, here's an interesting comment from the CNET article that includes links to the patch downloads. The article's author, Topher Kessler, is a long-time Mac user, and he wrote:

While Apple has been criticized for lagging behind in its support of Java updates, this update has been released in less than a week since the initial reports of the latest Flashback malware variant.

Yet, go to the Sophos Naked Security blog, and you'll read this:

Apple users won't feel any consolation at all in the knowledge that their Windows cousins have been protected against the flaw since February.

So my question is this: was there a brand new flaw just recently discovered by Apple, or has it been kept quiet so it seems like Apple found the vulnerability recently and patched it right away?

In any case, the moral of the story here is that the time has clearly come for Apple OS users to become more vigilant about security. Sophos strongly recommends making sure you are running an anti-virus program and rethinking your use of Java. Bottom line, until Apple proves it is stepping up to the plate to patch vulnerabilities sooner rather than later, users need to pay closer attention. Long gone are the days when Apple users can brag that their systems are safe from malware attacks.
