java

It's just a proof of concept for now, but a newly revealed Java vulnerability could have very widespread repercussions.

Security research company Security Explorations has issued a description of a new critical security flaw in Java SE 5 build 1.5.0_22-b03, Java SE 6 build 1.6.0_35-b10, and the latest Java SE 7 build 1.7.0_07-b10. This error is caused by a discrepancy with how the Java virtual machine handles defined data types (a type-safety error) and in doing so violates a fundamental security constraint in the Java runtime, allowing a complete bypass of the Java … Read more

Google Chrome and Cirque du Soleil have partnered to show off the potential of the modern Web with an all-HTML5 Cirque performance that's unique to the Web, called Movi.Kanti.Revo.

The name comes from the Esperanto terms for moving, singing, and dreaming, according to the official Movi.Kanti.Revo Google announcement, and the experience does go to great lengths to create a dreamlike world on the Web. During different scenes of Movi .Kanti.Revo (pronounced MOOV-ee CANT-ee REEV-oh), you can interact with the site by moving your body or speaking to your computer. If that sounds a lot … Read more

Mozilla has begun building a new technology called IonMonkey into Firefox to improve its JavaScript performance.

High JavaScript performance is essential in today's hotly competitive browser market, because JavaScript is the language behind complicated Web sites and Web apps such as Google Docs and Facebook. IonMonkey has now been packaged into the "nightly" version of Firefox 18 for hardcore developers; that version is scheduled to become the mainstream version of the browser early in 2013.

IonMonkey is what's called a just-in-time compiler, or JIT for short. In olden days, JavaScript would run line by line in … Read more

MacFixIt Answers is a feature in which we answer questions e-mailed in by our readers.

This week readers wrote in with questions regarding an odd APSD-related firewall error in OS X, the utility and risks of having Java runtimes installed, options for maintaining Mountain Lion on corporate networks, and MacBook battery charging. We welcome views from readers, so if you have any suggestions or alternative approaches to these problems, please post them in the comments!

Question: Best practices to prolong battery life MacFixIt reader Jonathan asks:

Apple has released a security update for the Apple-supported Java runtime for OS X, which many users have installed on their systems. Java for OS X is available for Apple's latest three OS X releases starting with Snow Leopard. The update should be available through Apple's Software Update service (in the Apple menu).

This update was released by Oracle last week to tackle a few outstanding vulnerabilities (separate from those recently found in its latest Java 7 runtime), but since Java 6 for OS X is maintained and distributed by Apple, OS X users have had to wait … Read more

Only hours after Oracle released its latest Java 7 update to address active exploits, security researchers found yet another vulnerability that can be exploited to run arbitrary code on systems that have the runtime installed.

Oracle's latest release of its Java 7 runtime has come under scrutiny in the past few weeks after it was found being actively exploited in malware attacks that target Windows systems. While so far the vulnerability has only been found being used against Windows, other platforms such as the Mac OS could potentially be targeted through the same exploit.

In response to these findings, … Read more

MacFixIt Answers is a feature in which we answer questions e-mailed in by our readers.

This week readers wrote in with questions regarding an odd apsd-related firewall error in OS X, the utility and risks of having Java Runtimes installed, options for maintaining Mountain Lion on corporate networks, and running MacBooks on a dead battery that will not charge. We welcome views from readers, so if you have any suggestions or alternative approaches to these problems, please post them in the comments!

Question: apsd firewall error in OS X MacFixIt reader Clem asks:

In response to the findings of a recent vulnerability in Java 7 that was being exploited by malware developers, Oracle has released an official patch that takes care of the problem.

In the past week, a new vulnerability was unveiled in Oracle's Java 7 runtime, which has been used by hackers in targeted attacks on Windows-based systems. Similar to the recent Flashback malware in OS X, this vulnerability allows criminals to create a drive-by hack where the only action needed to compromise a system is to visit a rogue Web page that hosts a malicious Java applet.

Even though … Read more

A new vulnerability was found last week in the latest Java 7 runtime from Oracle. The vulnerability is currently being used by malware developers to exploit systems with runtime installed.

Similar to the Flashback malware seen affecting Mac systems with unpatched versions of Java installed, this latest threat uses a drive-by attack in which simply visiting a malicious Web page will result in the Java applet running and compromising the system.

When the exploit loads, systems may see a blank Web page with no activity, but may also see a brief Java icon with "Loading" text before this … Read more