Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Macintosh java updates
From: Curt Wilson <curtw () SIU EDU>
Date: Wed, 18 Jul 2007 14:56:47 -0500

I don't have the answers, however this is certainly something that's
worthy of some investigation, especially as client-side application
attacks continue to grow (Storm for instance hitting Quicktime and
Winzip vulns).

Old versions of Java seem to just stack up on the box. I'm not sure if
they can be accessed by a remote hostile applet or not. I've known of
some hostile java in the past (brown orifice, byteverify trojan) but it
seems like an area ripe for attack and therefore in need of defense.

Gary Flynn wrote:
Can someone more Macintosh literate than me explain how java security
updates are handled on the Macintosh platform?

Apple's web site says "Apple has optimized Java on Mac
OS X".
http://www.apple.com/macosx/features/java/

Sun's java site says to download java from the Apple site:

http://www.java.com/en/download/manual.jsp
links to:
http://www.apple.com/support/downloads/javaformacosx104release5.html

The update offered there is dated February 15th, 2007. The only
java versions available are 1.5.0_07 and 1.4.2_12. Those
versions are significantly out of date. There have been at least
six critical java security udpates since December that are not
included in the offered versions.





--
Curt Wilson
IT Network Security Officer
Southern Illinois University Carbondale
618-453-6237

GnuPG key: http://www.infotech.siu.edu/security/curtw.pub.asc

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault