Mac OS X Java security hole exposed

I don't hate Apple. I like their products. But I can't help but enjoy reading this because so many Mac users think that OS X is invulnerable to exploits..

"You only have $20 billion in cash,.........."

No.

It's about $30 billion!

Not that I care too much. But the fact that this has been an exploit for the past five months, and this is the first I am hearing of it. I am not too worried. I read all the proper blogs and keep up to date on my info, for the most part.

Swine Flu anyone? Yea, didn't think so.

I have both a Mac and PC and they are absolutely fine, holes or not. PCs are safe if you keep them safe, and Macs are safe if you keep them safe.

As a PC guy, all that needs to be said is that Apple needs to get on the ball. The one thing you can give Microsoft, is that post XP SP2, they really got on the ball with the security patches (compared to before). Apple has the talent, they have the resources. And they WILL get these issues fixed. Is it a tad embarrassing to have an exploit unpatched for 5 months? Sure. No more or less embarrassing than if Microsoft had done the same thing (and they have). They went through the same sort of gauntlet before they got off their asses, and now XP and Vista are more secure than they used to be. OSX is generally more secure than Windows. And to be fair, this is ONE security hole. I've been an IT guy for years, and have most recently moved to a new company and am now one of the IT guys there as well. Because of this, I've dealt with MANY of them, Windows has been FULL of holes. Honestly no one should bitch at Apple too much for ONE. They need to get on the ball, and I'm confident, even as a Windows guy, that they will do so. Have some heart ;)

I disabled all the Java stuff and then had a peek at the American Apple start page (/startpage), then I jumped over to the Canadian version to have another peek.

All I can say is I sure am glad to be Canadian. X-)

No doubt applets are still common in an educational or scientific contexts, but for the average surfing experience, they're pretty rare. I'm a Java developer and I have my Java Console enabled, so it's very in-your-face when I hit an applet. I don't encounter too many. Flash and other rich Web ui plug-ins (maybe JavaFX!) are the weapon of choice these days.

Universities should probably switch to Java Web Start deployment with signed applets. It might not cure this exploit, but at least you can verify the source of the applet as trusted or not.

Just because some of you guys haven't used Java applets in awhile, doesn't mean no one else does. My school uses them for online classes in Blackboard/Elluminate, and my workplace uses them for remote desktop access through GoToMyPC/Citrix. Those are both pretty popular services last time I checked. I'd just love telling my professor or boss that I can't connect from home because I use a Mac and it is advised that I disable Java applets until Apple gets around to patching a five-month old security hole.

I can't remember the last time I encountered a Java applet. Is this technology still needed for anything?

Apparently is needs to be said again:

Macs are safer, but less secure.

All this particular exploit does is emphasize the second point. Rather poor information to panic ratio in this article.

Macs are safer, but less secure.
Macs are safer, but less secure.
Macs are safer, but less secure.
Macs are safer, but less secure.
Macs are safer, but less secure.