Apple patch comes three months after security warning

Apple Computer has released a patch for Mac OS X fixing a major security hole in Java -- three months after Sun Microsystems's original warning.

The vulnerability, first revealed in late November, could allow an applet, embedded in a website for example, to bypass Java's security restrictions and potentially execute malicious code on a user's system. It wasn't originally clear whether OS X was affected -- Sun's November advisory only listed Solaris, Linux and Windows in its list of vulnerable operating systems.

"You only need to visit a website for it to be able to run arbitrary code outside the Java sandbox environment. This gives the attacker the same privileges as the user who is currently logged on," said Thomas Kristensen, chief technology officer at IT security firm Secunia.

On Tuesday, Apple acknowledged the Java flaw affects Mac OS X and included the fix in a security update. The fix is available from Apple's website and through OS X's automated update system. On OS X, the bug doesn't affect versions of Java before 1.4.2, Apple said. Kristensen noted that some operating system makers, such as Gentoo, patched the flaw a few days after Sun's original warning.

The Java flaw is an embarrassment for Sun, which portrays Java as more secure than Microsoft alternatives such as ActiveX. Apple has also had a problem with its handling of security issues recently -- last year it was criticized for downplaying serious security flaws in Mac OS X, though critics say the company has become more open since then.

In an analysis last year, security firm Secunia found that OS X doesn't stand out as particularly more secure than the competition, in contrast to its image. The operating system had a similar proportion of critical bugs to competitors such as Windows XP Professional, Red Hat Advanced Server and Suse Linux Enterprise Server, Secunia said. However, Mac users generally don't experience the kinds of attacks Windows users do, because of the platform's small market share.

In January, researchers found a serious hole in Darwin, the Unix-based core of OS X that Apple likes to call "rock-solid".

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matthew Broersma
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Ada Chan

Dynabook Portégé X30L-G

I highly recommend the Dynabook Portégé® X30L-G notebook for everyday business use, it is a benchmark setting notebook of its generation in the lightweight category.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?