Mac infected with malware

ZDNet:

Third-party software is an ideal vector. The current exploit is triggered by a known flaw in Java, which was installed on every copy of OS X until the release of Lion (OS X 10.7) last summer. The flaw was reported in January and patched by Oracle in February, but the Apple version of Java didn’t get a patch until early April. So for several months, every Mac owner was vulnerable unless they took specific steps to remove or disable Java.


Perhaps this is why Canonical removed Java from the Ubuntu repositories (and replaced it with OpenJDK):

Oracle has published an advisory about security issues in the version of Java we currently have in the partner archive [3]. Some of these issues are currently being exploited in the wild.

Due to the severity of the security risk, Canonical is immediately releasing a security update for the Sun JDK browser plugin which will disable the plugin on all machines. This will mitigate users’ risk from malicious websites exploiting the vulnerable version of the Sun JDK.

3 Replies to “Mac infected with malware”

  1. Yes… Open source is better for these security matters..
    It is the reason why I didn’t use OS X until now. It’s not about the arrogance of the company, and it’s also not about productivity. But I choose open source because it is what I need; full of trial-error but flexibility is my choice.  Community is very great in the history of OS.

    How about Android?
    Android is built-in with Linux kernel. But Android ecosystem is *NOT* like Linux ecosystem. The Real Linux users just install what they *need* to avoid exploitation on third party apps
    (or they will read source code to ensure nothing is weird)
    But Android users are also Windows users; they install the apps they *want*, not what they *need*

    I don’t know whether this slogan still applies: “convenience is inversely proportional to security”

    1. Yes, choose what works.

      The problem is that Apple maintains its own version of Java, and the patch from Apple arrived later than the patch from Oracle. Luckily Canonical has already moved from Java to OpenJDK; at least the community moves much faster than the company.

      As for Android? Most Linux users also just install things carelessly; rarely does anyone really make use of Linux being open source, for example by looking at the source code. The typical beginner Linux user (especially one using the Ubuntu distro) downloads and double-clicks a binary; very rarely is anyone willing to go to the trouble of installing from a tarball. If they install from a tarball and get as far as the makefile, that is already a blessing, but if a dependency turns out to be missing in the middle of the make process, the user usually just gives up.

      “Convenience is inversely proportional to security”? Yes, sometimes there are cases like that.
