Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Java OS X Security Apple

Apple Nabs Java Exploit That Bypassed Disabled Plugin 97

Posted by timothy
from the heading-them-off-before-they-head-you-off dept.
Trailrunner7 writes "Apple on Thursday released a large batch of security fixes for its OS X operating system, one of which patches a flaw that allowed Java Web Start applications to run even when users had Java disabled in the browser. There have been a slew of serious vulnerabilities in Java disclosed in the last few months, and security experts have been recommending that users disable Java in their various browsers as a protection mechanism. However, it appears that measure wasn't quite enough to protect users of some versions of OS X."
This discussion has been archived. No new comments can be posted.

Apple Nabs Java Exploit That Bypassed Disabled Plugin

Comments Filter:
  • Re:Java and flash... (Score:5, Informative)

    by casab1anca (1304953) on Saturday March 16, 2013 @12:07AM (#43188669) Homepage

    Flash is crap though, always was, always will be.

    Flash may be crap now but for a long time, it (and Shockwave before it) was the only practical way of displaying interactive multimedia content in the browser.

  • Not a bug? (Score:5, Informative)

    by subanark (937286) on Saturday March 16, 2013 @12:33AM (#43188745)

    A webstart link is simply a jnlp file, which is an xml file, that if opened with javaws will start up the Java application (in a sandbox or warn the user it won't). This does not attach to the web browser and runs in its own frame. When you install Java it should associate jnlp files with javaws so that when you click with a browser it shouldn't launch the javaws program unless you choose to always open with it when you click it.

    From the article this seems to be a bug with the way the Mac handled scripts in an unexpected way.

When you don't know what to do, walk fast and look worried.

Working...