Now, you may be wondering why I’m publishing a blog post on Mac OS security issues. I’m not a Mac user, and really have no desire to become one. Not that the OS is a bad thing—it’s not from what I’ve seen, but it’s not something that interests me. Especially not when I have to pay upwards of $1,000 to use it (since I have to buy a Macintosh to use it legally).
The reason I’m publishing this is three-fold. 1) It shows that Mac OS is just as insecure as Windows, Linux, Solaris, OS/2 (IBM’s ancient OS) or any other operating system out there. 2) Because this affects Windows computers as well as Mac Computers (and possibly Linux computers, although the author didn’t mention that). 3) It illustrates that no matter how secure your Operating System is, it’s only as secure as the applications that are running on it.
This vulnerability is in Java (which is made by Sun Microsystems) and existed on all operating systems. Why? Because Java is a “Platform independent” system. It’s designed to run in a Virtual Machine, which can be installed on any operating system. The flaw in Java accesses the Operating System based on it’s “Java Runtime Environment” which is basically it’s hook into the OS.
If you are a user (anyone who isn’t programming in Java) then my suggestion is to download the latest updates for Java Runtime Environment from http://www.java.com or if you’re prompted for an automatic update from Java, do it. On Mac and potentially Linux systems, you may have to get the update through your respective Automatic Update systems (since Apple had to create the update for Mac OS X).
The most important thing is this. If you don’t need the older versions of Java (in other words, you aren’t developing or running version specific programs) you need to uninstall ALL previous versions of the JRE. This has to be done manually via your Add/Remove Programs. In Linux or Mac OS X, this may be done for you (but if not, you need to do it also).
The other important thing to remember is this also. As I mentioned above, it doesn’t matter how secure your Operating System is. There are bugs in most applications (Java, Adobe, QuickTime, etc) that are the equivalent of chinks in the armor. They hook into the Operating System in order to do their work. If there’s a bug in the application, and it is able to take advantage of one of those hooks, then guess what? You’re PWND (owned).
So, no matter what your Operating System is—or how secure it’s manufacturer or other security people say it is, make sure you update it EVERY time there’s one available, and make sure you update your applications whenever there are some available. It’s your data… Actually, let me say it like this: It’s your INFORMATION. Do what you must to protect it at all costs.
Have a great day:)