According to Julien Tinnes in the CR0 Blog, it appears that Apple's recent security update failed to fix a Java flaw that was reported to Sun back in August 2008 and patched by Sun way back in December 2008. The upshot: according to the blog (and I've yet to be able to independently confirm it) any browser on OSX that uses the Apple-supplied version of Java is vulnerable to remote exploitation against a class of flaws known as Java deserialization vulnerabilities. |
Tom 160 Posts May 20th 2009 |
Thread locked Subscribe |
May 20th 2009 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!