Forgot your password?
typodupeerror
Java Apple

Recent Apple Java Update Doesn't Fix Critical Java Flaw Claims Researcher 102

Posted by samzenpus
from the try-again dept.
hypnosec writes "Just yesterday Apple released updates to fix Java vulnerabilities, but it seems the patch doesn't actually target the recently discovered high-profile Java bug that has been the talk of the web during the last two weeks. The two updates – Java for OS X 2012-005 for OS X Lion and Java for Mac OS X 10.6 Update 10 for Mountain Lion, are meant to tackle the vulnerability described in CVE-2012-0547. But according to KerbsOnSecurity, it seems Cupertino hasn't addressed the recent mega-vulnerabilities in Java as described in CVE-2012-4681." Update: 09/07 12:00 GMT by S : As readers have pointed out, these updates address flaws in Java 6, which is the version Apple maintains. The recently-reported Java vulnerabilities primarily affect Java 7, the patching of which is handled solely by Oracle. Nothing to see here.
This discussion has been archived. No new comments can be posted.

Recent Apple Java Update Doesn't Fix Critical Java Flaw Claims Researcher

Comments Filter:
  • Re:Huh? (Score:2, Insightful)

    by SplashMyBandit (1543257) on Thursday September 06, 2012 @08:37PM (#41255545)
    What do you get for a similar search of "Windows"? (that is also another "platform", just as the JVM is). My point is not that Java is without vulnerabilities - clearly it has them - but that calling it "malware" is misleading since anything with a similar large amount of functionality also has a lot of attack surface. So the hyperbole ought to be cut. k?
  • by ArchieBunker (132337) on Thursday September 06, 2012 @10:12PM (#41256175) Homepage

    The janitors running this site can't even be bothered to read submissions over for spelling and grammar mistakes.

  • Re:Java blows (Score:4, Insightful)

    by exomondo (1725132) on Friday September 07, 2012 @12:14AM (#41256741)

    Sorry, QT is vile and unnatural, IMHO.

    If you don't like it that's fine, that's not really any kind of objective criticism though. If you don't like Qt there's always other options like wxWidgets, FLTK, etc...

    Effective sure

    Which is why so many people use it.

    The C++ code itself is nothing.

    Which is why your post was so baffling.

    What matters is that for each platform you target you need different libraries, and each library has its own idiom.

    But you don't, there are so many cross-platform libraries. You get the same when targeting Android with Java anyway, you can't just use Swing like on other platforms.

    Then you end up contorting your architecture for each set of libraries you are trying to integrate.

    Do you have a specific example of why you did this?

    This is not impossible (I've written lots of portable, complex C++ in the last two decades) but I can tell you it is *vastly* easier, more consistent, and I would argue more performant (since the time I save not fixing dumb C++ loopholes I instead spent optimizing my Java) to use Java.

    This all depends on your proficiency, not sure what these 'dumb C++ loopholes' you're referring to are, could you be specific?

    Flightgear is an admirable bit of software. I looked at extending it but realized after two decades of C++ and a decade of Java I knew which language to base a new *reliable* multi-player, multi-core product on.

    So what specifically makes Java more reliable?

    So I understand your advocacy for C++.

    What advocacy for C++?

    Java becomes the better choice for new heavily multi-threaded stuff, IMHO.

    Why is that?

FORTRAN is for pipe stress freaks and crystallography weenies.

Working...