On Jan 29, 2013, at 1:53 PM, Dan <[email protected]> wrote: > At 3:12 PM -0500 01/12/2013, Dan wrote: >> At 9:23 AM -0800 01/12/2013, Réjean Leroux wrote, on Tigerlist: >>> Anyone knows more about this Java alert issued by US Gov (alert that >>> include Flash as well)! >> >> SSDD. Yet-another zero day vulnerability, yadda yadda yadda *yawn* > > And today's chapter: > > http://mac-security.blogspot.com/2013/01/just-turn-java-off-very-high-security.html
Here's the thing: anyone who can run a vulnerable version of Java on their Mac and has installed Apple's security updates has already done this. <http://support.apple.com/kb/DL1572> <http://support.apple.com/kb/DL1573> The last Java update Apple released went through and purged Java from the browser plugins. (As I found out, unpleasantly, when I tried to use a network-based KVM we purchased. Yet another 'Universal' devioce that is truly universal, it runs under Windows on Dells, on HP's, on Lenovo's…) (Apple's relesed these updates for 10.6, 7 and 8. 10.5 and lower is officially deprecated, and doesn't run the latest versions of Java. PPC machines CAN'T run the latest versions of java. I'm mildly surprised that they released the fix for 10.6.) Anyone else either deliberately went out of their way to re-enable Java or is not running a version that's vulnerable. Almost all of these new security issues with Java are the result of Oracles new code in the latest version. (and the appeal to 'Open Source' java just won't happen. As I've said before the entire impetus for Oracle to buy Sun was to acquire Java, which is Oracle's lifeblood, since so much of their database stuff is now written in Java.) Everything else (like hardware, VirtualBox, etc) was gravy for them, and Oracle is no more going to open source Java than they would Oracle Enterprise Database. -- Bruce Johnson University of Arizona College of Pharmacy Information Technology Group Institutions do not have opinions, merely customs -- -- You received this message because you are a member of G-Group, a group for those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs. The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette guide is at http://www.lowendmac.com/lists/netiquette.shtml To post to this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/g3-5-list --- You received this message because you are subscribed to the Google Groups "G-Group" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
