
David Harley

Job title:
CEO, Small Blue-Green World, and independent author

Areas of expertise:
Apple security, malware, anti-malware testing, psychosocial aspects of security, user education, email management, social media, medical informatics

Biography:
David Harley, CITP, FBCS, CISSP, is an IT security researcher, author and consultant living in the UK. He has worked in IT (largely in medical informatics) since the 1980s, increasingly focused on security and anti-malware research since 1989. Between 2001 and 2006 he managed the UK National Health Service’s Threat Assessment Centre, and since 2006 he has provided authoring and consultancy services to the anti-virus industry. Since 2009 he has been a director of the Anti-Malware Testing Standards Organization (AMTSO). He runs the Mac Virus website and AVIEN (the Anti-Virus Information Exchange Network), and is a Fellow of the British Computer Society (now the BCS Institute). He was principal author and technical editor of “The AVIEN Malware Defense Guide for the Enterprise” and co-authored “Viruses Revealed”, as well as contributing to many other books including “OS X Exploits and Defense”. He has a daunting back-catalog of research papers and articles, and also blogs for Mac Virus, AVIEN, ESET (where he holds the title Senior Research Fellow), (ISC)², and numerous other websites.


Trusting the Oracle: Truth or Dare


It’s been claimed that Oracle has known since April about the latest Java vulnerabilities to which so many of us are exposed. Even if Oracle does actually step outside its patch cycle to provide remediation before October – which seems far from certain at the moment – that time lag should give pause to anyone who thinks that Java is a safe platform and that Oracle is a safe pair of hands. (As I commented to Infosecurity's Kevin Townsend here.)

There’s plenty of good advice about disabling Java in browsers – for instance from ESET’s Stephen Cobb and Techworld’s Lucian Constantin. But where do Mac users stand in all this otherwise?

Well, I have yet to see a report of any of the current rash of exploits being Mac-aware, though that can, of course, change. In fact, Mac-aware exploits may be likelier to be targeted (for instance politically motivated) rather than equivalent to (for instance) Blackhole attacks on Windows users.

Reportedly, users of OS X versions earlier than Lion are not vulnerable: Java 7 doesn’t run on them, and Java 6 doesn’t have these particular holes. While Java isn’t distributed with Lion and Mountain Lion, users shouldn’t consider themselves safe. Even if they haven’t installed Java themselves, it may have been installed in response to a request to allow installation so as to run a Java applet, as Keizer suggests. In fact, it wouldn’t surprise me if some products and services have installed it silently, or at least inconspicuously.
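Because a Mac user cannot assume Java is absent just because they never installed it, a quick inventory of the places Java lands on OS X is useful before deciding whether there is anything to disable. The following POSIX shell script is an added example, not part of the original post: it checks the well-known install locations of Apple's Java 6 (under /System) and Oracle's Java 7 (the browser applet plug-in, JDK directory and control panel under /Library). The optional ROOT prefix argument, and the function names, are assumptions introduced here so the checks can be exercised against a constructed directory tree as well as a live system.

```shell
#!/bin/sh
# Added example (not from the original post): report whether a Java runtime or
# the browser applet plug-in is present on an OS X system.
#
# Known install locations: Apple's Java 6 lives under /System, Oracle's Java 7
# under /Library. /usr/bin/java is deliberately not listed, because on Lion and
# later it is a stub that exists even when no runtime is installed.
JAVA_ARTIFACTS="
/System/Library/Java/JavaVirtualMachines
/Library/Java/JavaVirtualMachines
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin
/Library/PreferencePanes/JavaControlPanel.prefPane
"

# Print each known Java path that exists beneath ROOT (default: the live system).
# ROOT is a hypothetical prefix added for this example; one path per line.
list_java_artifacts() {
  root="${1:-}"
  old_ifs=$IFS
  IFS='
'                                  # split the list on newlines only (paths contain spaces)
  for p in $JAVA_ARTIFACTS; do
    [ -n "$p" ] || continue
    if [ -e "$root$p" ]; then
      printf '%s\n' "$p"
    fi
  done
  IFS=$old_ifs
}

# Print how many of the known paths exist beneath ROOT.
count_java_artifacts() {
  list_java_artifacts "${1:-}" | wc -l | tr -d ' '
}

# Succeed (exit 0) if any Java artifact is present beneath ROOT.
java_present() {
  [ "$(count_java_artifacts "${1:-}")" -gt 0 ]
}

# Succeed if the browser applet plug-in (what a web page's "install Java"
# prompt leaves behind) is present beneath ROOT.
applet_plugin_present() {
  [ -e "${1:-}/Library/Internet Plug-Ins/JavaAppletPlugin.plugin" ]
}

# Human-readable summary of the findings for ROOT.
report_java() {
  root="${1:-}"
  if java_present "$root"; then
    echo "Java artifacts found under ${root:-/}:"
    list_java_artifacts "$root" | sed 's/^/  /'
    if applet_plugin_present "$root"; then
      echo "The browser applet plug-in is installed: disable Java in your browsers until patched."
    fi
  else
    echo "No Java runtime or browser plug-in found under ${root:-/}."
  fi
}

# Usage: sh java-check.sh [ROOT]   (ROOT defaults to /, i.e. the live system)
report_java "${1:-}"
```

Run it with no argument on the Mac in question; if it reports the applet plug-in, the browser-side advice above applies even though the user never knowingly installed Java. The check is presence-only: it does not tell you which Java update is installed, only that a runtime or plug-in exists where an installer would have put it.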


Posted 30/08/2012 by David Harley

Tagged under: Oracle, David Harley, Java, Lion, Mountain Lion, OS X, Kevin Townsend, ESET, Stephen Cobb, Lucian Constantin, 0-day, Java 7, Java update
