Java Flaw Still Unpatched in OS X

Java Flaw Still Unpatched in OS X

In December 2008, Sun Microsystems warned of a flaw in its Java virtual machine that could be exploited to execute code on vulnerable computers.
Although the problem has been addressed in Windows and major Linux distributions, Apple has not issued a fix for the vulnerability, despite having recently issued a major security upgrade. The flaw is being actively exploited, and attack code that specifically targets the flaw in Mac OS X has been posted in an attempt to draw attention to the unpatched vulnerability. Mac users are urged to disable Java applets in their browsers until a fix is made available.

Mac users too often assume that their machines are not vulnerable to attacks, but reality dictates otherwise. News of this latest security flaw is yet another indication that Mac OS X is by no means invincible to attacks.

Apple's reliance on third party / open source software, and it's inability to release timely patches in sync with other vendors is a big threat currently only mitigated by the obscurity of the platform.

A modern day software company just can't afford to wait months to release a patch for a publicly known vulnerability. Microsoft learned this lesson the hard way.