Apple, which claims to have the most secure operating system in the
world, is apparently the last outfit in the universe to come up with a fix for a
dangerous Java vulnerability.
While every other operating system has fixed the flaw, Apple seems to be
sticking its iHands over its collective iEars about the problem, which allows a
hacker to completely bypass the Java sandbox and execute arbitrary code remotely
in Java-enabled web browsers.
The flaw was found by Sami Koivu, first reported on August 1st 2008, and fixed
by Sun in December. Security outfits had been nice to Apple by not talking about
it while the outfit came up with a patch. However, when Apple dragged its feet
on creating one, the CRO blog felt that it needed to warn MacOS users that they
should shut down Java in their browser.
According to that site, the flaw is close to the holy grail of client-side
vulnerabilities, as it has a huge attack surface and it suffers from many other
security vulnerabilities. Apparently there are already a few exploits out
there, so maybe your Apple is not as secure as you thought.