A security hole in Apple's MRJ 2.2.3 allows intruders to view and copy files on your computer's hard drive. The report on Apple's discussion board says that Apple has not responded to the security flaw for the last 45 days. A demo applet is available online.
Comments
Regardless, the only time most people encounter MRJ is when they use Internet Explorer. And we all know Microsoft's software is leak proof...NOT!
I tried that demo applet, and it was horrible! That damn thing was reading all the files right off my hard disk!
Why in the world hasn't Apple fixed this? Apparently they haven't even lifted a finger. What a lousy way to treat their customers!
The link works fine, but you have be registered at the Website (with cookies enabled) to view any tech support forum link.
maybe it's not a hole, maybe it's a backdoor feature for a intelligence organization
Appplet did not work with iCab browser also using MRJ
I have tested Mr. Takagi's applet which supposedly demonstrates this "security hole" with both IE 5 and iCab 2.2 using MRJ 2.2.3. I don't know how he has his system set up, but with my system and no strenuous attempts to secure the system, I have absolutely no problems. The Java applet he posts reports the system as "not vulnerable". No files on my hard drive are read.
Certainly other users' mileage may vary, but this "issue" would not seem to be the huge security hole for all users that Mr. Takagi indicates.
If your hard drive is named something other than "Macintosh HD", then his applet won't affect you. If you want to see the problem change "/Macintosh HD" to "/" and the contents of your hard drive will scroll into the field. Even worse, just type a / in the top field and it will start scanning your volumes.
There's a filter for Proxomitron available to fix the problem; this can be a useful temporary fix until an update becomes available. http://www.geocities.com/macproxfilter
(Note: if you don't know what 'Proxomition' is, then this probably won't be of any use to you)
Netscape had this problem with their Java VM in Netscape 4, although you could only view the file-structure.
To the guy who posted "And we all know Microsoft's software is leak proof...NOT!" There's a time for bashing Microsoft's security, but this isn't it.
Chris
OR
Network Headlines
Most Popular
MacNN Sponsor
Recent Reviews
iHome iW2 AirPlay speaker
iHome generally isn't known as a luxury brand when it comes to audio, but it is prolific -- the company's docks and speakers are every ...
Logitech Ultrathin Keyboard Cover
One of the iPad's main weaknesses has always been productivity. It's not a question of apps; while it has taken a little time for a na ...
Logitech UE Air Speaker
If maybe a little more slowly than Apple would like, AirPlay is becoming a staple of the wireless speaker market for iOS devices. The ...
Most Commented
Popular News
Joined:
link no work
Did Apple pull that tech discussion? the link does work