Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.sys.mac.system > #23550 > unrolled thread

Does Flashback affect Doze?

Started byFred Moore <fmoore@gcfn.org>
First post2012-04-09 13:07 -0400
Last post2012-04-10 12:09 +1200
Articles 4 — 4 participants

Back to article view | Back to comp.sys.mac.system


Contents

  Does Flashback affect Doze? Fred Moore <fmoore@gcfn.org> - 2012-04-09 13:07 -0400
    Re: Does Flashback affect Doze? nospam <nospam@nospam.invalid> - 2012-04-09 13:35 -0400
      Re: Does Flashback affect Doze? Lloyd <lloydparsons@me.com> - 2012-04-09 13:16 -0500
        Re: Does Flashback affect Doze? dempson@actrix.gen.nz (David Empson) - 2012-04-10 12:09 +1200

#23550 — Does Flashback affect Doze?

FromFred Moore <fmoore@gcfn.org>
Date2012-04-09 13:07 -0400
SubjectDoes Flashback affect Doze?
Message-ID<fmoore-F45F25.13071909042012@news.eternal-september.org>
I presume Doze can use Java too. Does anyone know if any variant of 
Flashback affects that OS? If not, why not? TIA

[toc] | [next] | [standalone]


#23554

Fromnospam <nospam@nospam.invalid>
Date2012-04-09 13:35 -0400
Message-ID<090420121335028031%nospam@nospam.invalid>
In reply to#23550
In article <fmoore-F45F25.13071909042012@news.eternal-september.org>,
Fred Moore <fmoore@gcfn.org> wrote:

> I presume Doze can use Java too. Does anyone know if any variant of 
> Flashback affects that OS? If not, why not? TIA

the vulnerability was patched months ago on windows.

[toc] | [prev] | [next] | [standalone]


#23560

FromLloyd <lloydparsons@me.com>
Date2012-04-09 13:16 -0500
Message-ID<lloydparsons-959D6F.13163309042012@news.eternal-september.org>
In reply to#23554
In article <090420121335028031%nospam@nospam.invalid>,
 nospam <nospam@nospam.invalid> wrote:

> In article <fmoore-F45F25.13071909042012@news.eternal-september.org>,
> Fred Moore <fmoore@gcfn.org> wrote:
> 
> > I presume Doze can use Java too. Does anyone know if any variant of 
> > Flashback affects that OS? If not, why not? TIA
> 
> the vulnerability was patched months ago on windows.

So has there been a more recent patch?  If not, Windows Java is at risk 
again.

[toc] | [prev] | [next] | [standalone]


#23572

Fromdempson@actrix.gen.nz (David Empson)
Date2012-04-10 12:09 +1200
Message-ID<1kibwuz.ol7o751s9vckuN%dempson@actrix.gen.nz>
In reply to#23560
Lloyd <lloydparsons@me.com> wrote:

> In article <090420121335028031%nospam@nospam.invalid>,
>  nospam <nospam@nospam.invalid> wrote:
> 
> > In article <fmoore-F45F25.13071909042012@news.eternal-september.org>,
> > Fred Moore <fmoore@gcfn.org> wrote:
> > 
> > > I presume Doze can use Java too. Does anyone know if any variant of
> > > Flashback affects that OS? If not, why not? TIA
> > 
> > the vulnerability was patched months ago on windows.
> 
> So has there been a more recent patch? 

No, there hasn't. Java 6 Update 31 is the current version.

> If not, Windows Java is at risk again.

What gives you that idea? If there _had_ been a more recent Java patch
then new vulnerabilities would have been announced, which means _Mac_
users and Windows users who have not installed the latest Java update
would be at risk of new variants of malcious software.

If Oracle has not released a more recent Java patch then they also
haven't announced any new known vulnerabilities, so the malware authors
would have to expend more effort to find previously unknown security
issues and exploit them. (Announced vulnerabilities give the malware
authors a much more targetted area to probe.)

Oracle released Java 6 Update 31 in February. It took Apple about two
months to release the Mac version, which gave malware authors a
reasonable window in which to locate and exploit a published
vulnerability, and to get widespread distrubution to Macs, a high
proportion of which were vulnerable and had no Java patch available to
fix the problem.

-- 
David Empson
dempson@actrix.gen.nz

[toc] | [prev] | [standalone]


Back to top | Article view | comp.sys.mac.system


csiph-web