Please create an account to participate in the Slashdot moderation system


Forgot your password?
Java OS X Security Apple

Apple Nabs Java Exploit That Bypassed Disabled Plugin 97

Trailrunner7 writes "Apple on Thursday released a large batch of security fixes for its OS X operating system, one of which patches a flaw that allowed Java Web Start applications to run even when users had Java disabled in the browser. There have been a slew of serious vulnerabilities in Java disclosed in the last few months, and security experts have been recommending that users disable Java in their various browsers as a protection mechanism. However, it appears that measure wasn't quite enough to protect users of some versions of OS X."
This discussion has been archived. No new comments can be posted.

Apple Nabs Java Exploit That Bypassed Disabled Plugin

Comments Filter:
  • Re:Java and flash... (Score:5, Informative)

    by casab1anca ( 1304953 ) on Saturday March 16, 2013 @12:07AM (#43188669) Homepage

    Flash is crap though, always was, always will be.

    Flash may be crap now but for a long time, it (and Shockwave before it) was the only practical way of displaying interactive multimedia content in the browser.

  • Not a bug? (Score:5, Informative)

    by subanark ( 937286 ) on Saturday March 16, 2013 @12:33AM (#43188745)

    A webstart link is simply a jnlp file, which is an xml file, that if opened with javaws will start up the Java application (in a sandbox or warn the user it won't). This does not attach to the web browser and runs in its own frame. When you install Java it should associate jnlp files with javaws so that when you click with a browser it shouldn't launch the javaws program unless you choose to always open with it when you click it.

    From the article this seems to be a bug with the way the Mac handled scripts in an unexpected way.

Ya'll hear about the geometer who went to the beach to catch some rays and became a tangent ?