Not just banking
Tons of browser-based games use Java too.
Apple released a security update for OS X Java on Tuesday, plugging a security vulnerability exploited by the latest Flashback Trojan. The latest variant of the Mac-specific malware appeared on Monday and targeted a vulnerability in Java (CVE-2012-0507) which was patched on Windows machines more than six weeks ago. Apple's new …
Tons of browser-based games use Java too.
Wait, where are the mouth foaming fanbois?
Too bad the fix is only for 10.6.8 & up. Can’t be applied to my incredibly old 10.6.5 (released 1 yr., 4 mos. ago . . .)
I’m sure the reason for this is that it’s far to expensive for Apple to extend the fix to cover at least 2 years of OS, not that Apple is trying to corral users into their walled garden (10.6.6 & up infects Macs with the “app store.”)
Apple only has the best in mind for their customers. Don’t they?
All your phone/pad/app/os/book/music/movie are belong to us.
The problem lies with changes in Java as far as I can tel. It's not apples fault. You could just upgrade I suppose. Is that so difficult?
It's a free upgrade to 10.6.8.
Regarding the App Store 'infection', I'm not entirely sure what your problem is. Yeah it's installed, but you don't have to register and you don't have to use it. You can even drag out of the dock ad delete it from your HD if you're that bothered about it.
Your Mac will still work.
You're refusing to update to the latest patch release (still using 10.6.5 instead of 10.6.8) and yet you're complaining about not being able to use a java fix?
That's the problem with Apple. If they followed Google's Android example no one would need to care about updates only working on some versions of the OS.
Not sure how it all works in the Mac world, but I remember that I used to get quite annoyed by not being able to just download patches. If a security update included an extra application, it's not a security update in my books and the supplier can just poke it - I was at the 'angry young man' stage of my life at the time. If I need a patch for something like a browser, I wouldn't want some Yahoo! application being loaded on just because it came with the patch, sorry 'update'. And the supplier should be able to seperate out the security stuff from the functionality stuff so a decision can be made before the install as to whether the extra piece of software is installed in the first place, not have it installed by default.
Having said that, I would rather go through the pain of removing stuff that's not required than exposing an unpatched machine to the network. Not that I've had to do that for a long, long time, thankfully. MikeOS FTW.
> Too bad the fix is only for 10.6.8 & up. Can’t be applied to my incredibly old 10.6.5
And the upgrade to 10.6.8 from 10.6.5 is free. Why not apply it? Does it take away any features you use?
Sorry, but what's stopping you from updating to 10.6.8? Genuine question.
I expect you are running XP SP2 as well.
"I expect you are running XP SP2 as well."
So, you're saying Apple's 1.6.5 of 2010 is equivalent to XP SP2 of 2004?
Holding their fire waiting for the mouth foaming anti-fanbois obviously.
No, but it is a dangerous unpatchable version of the previous mainstream Windows OS (No I don't include Vista as a mainstream OS...), that you would not expect to use on the Internet.
Right it's not Apples fault even though Microsoft fixed this known vulnerability six weeks before Apple did. Be careful you don't trip over your untied fanboyism
Java is not installed on my macs...
Wish I could get rid of the malware enabler myself but alas I need it for my dnla server PS3 Media Server.
> Java is not installed on my macs...
I wish I can say that, but for some reason LibreOffice requires it.
But Adobe Creative Suite demands it too. Personally I have no use for it, but the other half uses it for work. Thus we have to have Java installed.
OS X never ships with Java installed anymore.
If you are one of the unfortunate souls tricked by Satan and ended up in eternal purgatory there is still hope for the redemption of your immortal soul:
The steps are as follows:
1. Check for Java Installation using your almighty holy Bash Terminal:
sudo /usr/libexec/java_home -xml (an output with two JVM dictionaries confirms that Java is installed)
2. Run the demon spawns uninstaller:
sudo /usr/libexec/java_home –uninstall
3. Remove the demon spawns JVM installation location:
sudo rm -rf /System/Library/Java
4. Run command from step 1 again (an output starting with "Unable to find any JVMs matching version" confirms that Java is no longer installed.
5. Say 10,000 hail marys and you might be able to be let out of purgatory.
... that is all
Or you could disable Java in the browser preferences...
Some Russian security firm reckons they have found a botnet of Macs, established using the Flashback trojan:
I thought that Macs (unlike Windows systems) were inherently safe and secure and that fruity followers need not worry about such things.
Hmm, maybe the fanbois are going to have to eat crow over their pooh-poohing of the old "security through obscurity" tag....