{"id":853,"date":"2009-05-20T09:26:56","date_gmt":"2009-05-20T08:26:56","guid":{"rendered":"http:\/\/blog.intego.com\/?p=853"},"modified":"2009-05-20T09:26:56","modified_gmt":"2009-05-20T08:26:56","slug":"apple-hasnt-updated-java-to-protect-mac-users-from-critical-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/apple-hasnt-updated-java-to-protect-mac-users-from-critical-vulnerabilities\/","title":{"rendered":"Apple Hasn&#8217;t Updated Java to Protect Mac Users from Critical Vulnerabilities"},"content":{"rendered":"<p><img src=\"https:\/\/www.intego.com\/mac-security-blog\/images\/java.gif\"><\/p>\n<p>A six-month-old critical vulnerability in Java in Mac OS X is still unpatched, say <a href=\"http:\/\/www.theregister.co.uk\/2009\/05\/19\/unpatched_apple_vulnerability\/\">The Register<\/a> and <a href=\"http:\/\/landonf.bikemonkey.org\/code\/macosx\/CVE-2008-5353.20090519.html\">security researcher Landon Fuller<\/a>. Apple is putting Mac users in danger, not fixing a problem that &#8220;allows malicious code to escape the Java sandbox and run arbitrary commands with the permissions of the executing user. This may result in untrusted Java applets executing arbitrary code merely by visiting a web page hosting the applet. The issue is trivially exploitable,&#8221; says Fuller. Apple has been sluggish in updating such third-party software in Mac OS X in the past, but this six-month delay is truly excessive.<\/p>\n<p>There are a few things Mac users can do to protect themselves against this issue. They can disable the use of Java applets in their browsers and disable the &#8220;Open &#8216;safe&#8217; files after downloading&#8221; option in Safari&#8217;s General preferences (or similar settings in other browsers). 
<\/p>\n<p>In case you&#8217;re wondering if this vulnerability is truly dangerous, Landon Fuller has created a proof of concept Java applet (linked <a href=\"http:\/\/landonf.bikemonkey.org\/code\/macosx\/CVE-2008-5353.20090519.html\">here<\/a>) that &#8220;will be executed on your system by a Java applet, with your current user permissions.&#8221; (Make sure you have the sound on when you try this out.) <\/p>\n","protected":false},"excerpt":{"rendered":"<p>A six-month-old critical vulnerability in Java in Mac OS X is still unpatched, say The Register and security researcher Landon Fuller. Apple is putting Mac users in danger, not fixing a problem that &#8220;allows malicious code to escape the Java sandbox and run arbitrary commands with the permissions of the executing user. This may result [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[7,13,11],"tags":[],"yoast_head_json":{"description":"A six-month-old critical vulnerability in Java in Mac OS X is still unpatched, say The Register and security researcher Landon Fuller. 
Apple is putting","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/apple-hasnt-updated-java-to-protect-mac-users-from-critical-vulnerabilities\/","og_locale":"en_US","og_type":"article","og_title":"Apple Hasn't Updated Java to Protect Mac Users from Critical Vulnerabilities  - The Mac Security Blog","og_description":"A six-month-old critical vulnerability in Java in Mac OS X is still unpatched, say The Register and security researcher Landon Fuller. Apple is putting","og_url":"https:\/\/www.intego.com\/mac-security-blog\/apple-hasnt-updated-java-to-protect-mac-users-from-critical-vulnerabilities\/","og_site_name":"The Mac Security Blog","article_published_time":"2009-05-20T08:26:56+00:00","og_image":[{"url":"https:\/\/www.intego.com\/mac-security-blog\/images\/java.gif"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Peter James","Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-hasnt-updated-java-to-protect-mac-users-from-critical-vulnerabilities\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/images\/java.gif","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/images\/java.gif"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-hasnt-updated-java-to-protect-mac-users-from-critical-vulnerabilities\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/apple-hasnt-updated-java-to-protect-mac-users-from-critical-vulnerabilities\/","name":"Apple Hasn't Updated Java to Protect 
Mac Users from Critical Vulnerabilities - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-hasnt-updated-java-to-protect-mac-users-from-critical-vulnerabilities\/#primaryimage"},"datePublished":"2009-05-20T08:26:56+00:00","dateModified":"2009-05-20T08:26:56+00:00","description":"A six-month-old critical vulnerability in Java in Mac OS X is still unpatched, say The Register and security researcher Landon Fuller. Apple is putting","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-hasnt-updated-java-to-protect-mac-users-from-critical-vulnerabilities\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/apple-hasnt-updated-java-to-protect-mac-users-from-critical-vulnerabilities\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-hasnt-updated-java-to-protect-mac-users-from-critical-vulnerabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"Apple Hasn&#8217;t Updated Java to Protect Mac Users from Critical Vulnerabilities"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-hasnt-updated-java-to-protect-mac-users-from-critical-vulnerabilities\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-hasnt-updated-java-to-protect-mac-users-from-critical-vulnerabilities\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116"},"headline":"Apple Hasn&#8217;t Updated Java to Protect Mac Users from Critical 
Vulnerabilities","datePublished":"2009-05-20T08:26:56+00:00","dateModified":"2009-05-20T08:26:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-hasnt-updated-java-to-protect-mac-users-from-critical-vulnerabilities\/#webpage"},"wordCount":207,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-hasnt-updated-java-to-protect-mac-users-from-critical-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/images\/java.gif","articleSection":["Apple","Security &amp; Privacy","Software &amp; Apps"],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116","name":"Peter James","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g","caption":"Peter 
James"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/peter\/"}]}},"jetpack_featured_media_url":"","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-dL","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/853"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=853"}],"version-history":[{"count":0,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/853\/revisions"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=853"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=853"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=853"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}