You could have been...
Posted Tuesday 16th June 2009 18:17 GMT
... but as far as I know no one was. I just turned java off until now.
Posted Tuesday 16th June 2009 20:35 GMT
"I just turned java off until now." ... By John Molloy Posted Tuesday 16th June 2009 17:53 GMT
John,
Java is not something that you can turn off. And it is a Very Powerful Language able to Converse with All Virtual Machines and NINJA Machinery .... which are in Reality and Virtualisation, Neural Networks InterNetworking at Quantum Communications Levels/Higher Deeper Virtual Core Processor Architecture Builds.
Posted Tuesday 16th June 2009 20:54 GMT
Do you mean there was more than one? Aaaargh!
Posted Tuesday 16th June 2009 21:55 GMT
Quote: "If you followed our suggestion last month to take Security researcher Landon Fuller's advice to disable Java applets in your browser and uncheck the "Open 'safe' files after downloading" setting in Safari's General preferences, you're now free to reverse those changes."
Or you could just leave them both off permanently. Is Java actually used for anything useful on the web these days, for the vast majority of people? It has been off in my browser for months and I haven't noticed it at all.
The 'safe' files thing is something that should never, ever be on. The most retarded setting in a browser anywhere. I just love how Apple puts it between quotes to indicate that even they don't believe that these files are 'safe'.
My advice - unless you really do need Java for anything, just leave it off. 'Safe' file opening should be left off regardless of what you want. If you are incapable of double-clicking a downloaded file to open it yourself then you shouldn't be using a computer. If you are stupid enough to double-click something in your Downloads folder that you didn't download yourself, then you shouldn't be permitted to carry on living in a Darwin Award type of way.
Posted Tuesday 16th June 2009 21:55 GMT
some evidence of working exploits in the wild taking advantage of this vulnerability? After all if it has been known about for over 6 months that's plenty of time for one or more, so where are they? Your tut tutting at Apple's tardiness would carry more weight if there was a real risk, without exploits the risk is only theoretical and the continuing lack of exploits on the platform would indicate that Apple is right in not choosing to rush these things.
Posted Tuesday 16th June 2009 22:22 GMT
10.5.7 was a big download and I hadn't got around to it yet. Shocked to find the fix wasn't offered at 10.5.6 so needless to say I have now done both.
I'd echo Muscleguy's comment that if there's no exploit then the tone of your article was scaremongering. But better safe than sorry.
Posted Wednesday 17th June 2009 00:37 GMT
Wait just a damn second here. Will the real amanfromMars please stand up?
Oh god I hate that song and for that I am going to go swallow a gun barrel now.
/Anon because I don't want to be associated with this comment
Posted Wednesday 17th June 2009 00:37 GMT
Analysing the outcome of 6 months of unpatched Java, in hindsight, and excusing Apple's tardiness because nothing happened doesn't make much sense, does it? You wouldn't leave your front door wide open all day, every day simply because you're not aware of any burglars in the area.
Surely it's the fact that there COULD have been exploits developed at any point over the last 6 months that's important. That's the difference between proactive and reactive security... or in Apple's case inactive.
Posted Wednesday 17th June 2009 00:37 GMT
OK I downloaded the OS update Sunday (~140 MB) and another ~500 MB today.... I wonder what this thing will run like after the download has fully expanded.
Posted Wednesday 17th June 2009 03:48 GMT
The 'WOW' starts now!
No not really. No difference for 10.5.7. Doing a separate download for 10.4.
Posted Wednesday 17th June 2009 09:14 GMT
Must be something important right? To warrant such a speedy response?
Posted Wednesday 17th June 2009 09:14 GMT
NoScript protects against this, allowing only scripts & Java from specified domains to be run. It's been protecting me since this situation was outed and as a side-benefit I've had a nicer net experience, as a majority of ads get blocked as well. http://noscript.net
Posted Wednesday 17th June 2009 11:40 GMT
So, no need to patch unless there's an exploit? *REALLY* clever! This would be the famed Apple security would it?
Oh, of course, I'm forgetting that the blessed Steve *KNEW* that there wouldn't be an exploit for at least six months and so it was safe to do nothing. Get real - if there's a vulnerability you patch for it, you don't wait for it to be exploited.
Posted Wednesday 17th June 2009 13:27 GMT
"So, no need to patch unless there's an exploit? *REALLY* clever! This would be the famed Apple security would it?"
No. But the point is that it was easy enough to NOT have running which is what I did when the security alert came up. I don't have any reason to run it anyway and one would assume that those that did would be on some kind of trusted network anyway.
Posted Wednesday 17th June 2009 13:27 GMT
Well, at least that explains why I occasionally understood one of his posts - it was actually an imposter using his name.
Posted Wednesday 17th June 2009 21:08 GMT
Are you confusing Java and Javascript?
They're about as similar as cow's milk and soya milk