Apple on Wednesday released a fix for a highly critical flaw affecting users of its Mac OS X operating system.
The Apple patch comes exactly three months after Sun Microsystems Inc.s original warning that a vulnerability in its JRE (Java Runtime Environment) could allow an attacker to turn off Javas security feature and execute malicious code on a compromised machine.
Apple Computer Inc., based in Cupertino, Calif., said the Mac OS X patch updates Java to correct the issue, wherein an untrusted applet could gain elevated privileges and potentially execute arbitrary code.
Independent research firm Secunia, which first flagged the flaw last November, rates the Apple patch as “highly critical.”
Security experts are also questioning why it took three months for Apple to patch such a high-profile vulnerability.
“Sadly, were at the stage where its not unusual for a software firm to take three months to fix [a serious flaw],” said Johannes Ullrich, chief technology officer at the SANS Internet Storm Center.
“The problem is severe, and exploit code has been made available shortly after the vulnerability was announced,” Ullrich told eWEEK.com.
Apple officials could not be reached to discuss the timing of the patch.
Michael Haisley, an incident handler at the SANS ISC, called on Apple to do a better job of addressing well-known vulnerabilities in a timely manner. If not, Haisley warned, “Mac OS systems will likely become a much more favorable target for attackers.”