News Archive for Tuesday May 19, 2009


Warning on Critical Mac OS X Java Vulnerabilities
(Update: On June 15th Apple released Java for Mac OS X 10.5 Update 4 and Java for Mac OS X 10.4, Release 9 to address this.)
(original post from May 19th follows)
Eddie sent a link to Landon Fuller's article warning about Critical Mac OS X Java Vulnerabilities. Here's a clip (also mentioned at securemac)

"Five months ago, CVE-2008-5353 and other vulnerabilities were publicly disclosed, and fixed by Sun.
CVE-2008-5353 allows malicious code to escape the Java sandbox and run arbitrary commands with the permissions of the executing user. This may result in untrusted Java applets executing arbitrary code merely by visiting a web page hosting the applet. The issue is trivially exploitable.

Unfortunately, these vulnerabilities remain in Apple's shipping JVMs, as well as Soylatte 1.0.3. As Soylatte does not provide browser plugins, the impact of the vulnerability is reduced. The recent release of OpenJDK6/Mac OS X is not affected by CVE-2008-5353.

Work-Arounds:

  • Mac OS X users should disable Java applets in their browsers and disable 'Open "safe" files after downloading' in Safari.
  • Soylatte users running untrusted code should upgrade to an OpenJDK6-based release, where possible. No future releases of the JRL-based Soylatte branch are planned at this time. If this is an issue for you, please feel free to contact me.
  • No work-around is available for users otherwise running Java untrusted code."

Landon's page also has links to a proof of concept and in-depth discussion.

    Follow-up on DisplayLink 1.1.2beta/Mini Monitor driver and 10.5.7
    (from the reader that originally reported this the day 10.5.7 was released. V1.1 driver worked in 10.5.7 (per other reports), but he needed mini monitor support in the 1.1.2 beta driver)

    "Just a quick update on my DisplayLink (1.1.2 beta/10.5.7) driver problems.
    I've had some luck getting it to work again. (he's using a mini monitor adapter, which needed the 1.1.2beta drivers for support.-Mike)

    Keeping the installed 1.1.2beta drivers, I overwrote the actual DisplayLinkDriver file using the older version from the 1.1 release.

    Using Pacifist to open the installers (you could use terminal) I replaced the installed 1.1.2beta driver found at:
    /System/Library/Extensions/DisplayLinkDriver.kext/Contents/MacOS/DisplayLinkDriver
    with the equivalent file from the 1.1 installer. The 1.1.2beta file was 71.1k, while the 1.1.1 was 71k.

    So far so good, and better than waiting for an updated driver :)
    (But I thought (per their driver download page) that only the 1.1.2 beta had mini monitor support (which you own - Nanovision UM710, 7" USB display link powered mini monitor).-Mike)
    Basically I installed (again) the beta (1.1.2beta) drivers. Screen didn't work. But I took the raw driver file out of the 1.1 drivers, replaced the beta equivalent and it worked.

    I can only assume it was failing with the 1.1 drivers not because the screen's chipset wasn't supported but because it couldn't find appropriate device descriptions to fire the thing up with. Hence leaving all the beta support files behind added support for the mini monitors.

    I guess in the beta drivers they added some more code which somehow got broken by the 10.5.7, and that the mini monitor support was not part of the core driver module, but added in via the other files involved in the install.
    Confused but happy it's all working again,
    -Mike R."

    More Feedback on 10.5.7 Update/Problems
    I'm still working with some readers on their problems (and asked for more details on several mails) but updated the OS X 10.5.7 Feedback/Tips/Problems page with several more reports (including the above DisplayLink driver follow-up). If you send a mail on 10.5.7, please include details on your Mac hardware/software and if you used the DL/combo updater or Software Update. (If you used SU and had a problem, try reinstalling the Combo updater (download). It may not fix all problems (won't help if there's a bug or driver/addon software issue with 10.5.7) but in the past has helped many times.)
    Copyright 1997-2018. All Rights Reserved