Javascript Exploit Fixed on All OS’s … Except Mac OS

I’m not sure if I divulged this, but I am an avid Mac OS fan. No, I’m not the creative type, but most of my computer knowledge was gained on a Mac. My very first Mac was a Mac Plus (never really owned a PC till I built one much later on). Then I got a job at E! Entertainment Television, and they were an all Mac OS shop. So my point is I’m a big Mac fanatic.

So it disheartens me to a great extent when I find this Java exploit (CVE-2008-5353). As with most exploits, if a system is compromised, the attacker may take it over. Now the popular thought was that Mac would not be vulnerable to all these various attacks that Windows has been vulnerable to for a long time, but that is a dangerous assumption to make. This particular one is not Windows specific, Mac specific, or even UNIX specific. This is in the Sun Java code, which they really did fix, and the fix has been incorporated in all Windows, Linux, Solaris, and all other OS’s that use the Java Runtime Engine … except for Mac. Why, oh why, Apple, why?

This exploit was patched and fixed by Sun in December 2008, so this fix has been around for coming up on 6 months. Is there a good reason for not putting this in? I kept trying to think of a good reason, but I can’t. In fact, one individual got so frustrated with Apple, waiting for them to fix this, that he decided to put an exploit out in the wild, and publish it, in hopes that Apple will finally do something about this. This has been distributed throughout the security community … I’ve seen it posted on SecureMac, Slashdot, ZDNet, and even US-CERT. We’ll have to wait and see if Apple actually does anything with this.

So for now, I have turned off all Java and JavaScript in the browsers I use on the Mac. The problem is there are so many web sites that use Java for their video streaming, and Java is such an integral part of the web browsing experience. This is really annoying, and will force me to not use my Mac until they fix this, and use my PC more often. Damn … I was hoping to use that damn friggin’ PC only for work.

Nice job, Apple!
