Archive for May 20th, 2009

An old Java vulnerability, already fixed 6 months ago in every Java implementation except Apple's, allows remote attackers (i.e. malicious web sites) to launch arbitrary code from Safari or Firefox with full user privileges, evading the Java applet sandbox on Mac OS X.

Here's the Slashdot's routine Apple+Java bashing with linked source articles.

At this moment, the easiest way to protect your Mac web browser is either turning off Java globally or... you know what ;)

Update Jun 15th

Three weeks later, Apple finally patched..

Bad Behavior has blocked 924 access attempts in the last 7 days.