The Latest Apple Security Problem and What You Should Do

Tag Archive for Mac OS X

DCDan | February 25, 2014

The Latest Apple Security Problem and What You Should Do

TL;DR version:
If you use an iPhone or iPad update it to the latest version of iOS which came out a couple of days ago.
If you use Mac OS X (laptop), use Chrome or Firefox to browse the web until an update is released.

For the long version, I’m going to make the assumption that you have a technical background:
A bug was recently discovered in Mac OS X 10.9 that means the signing chain for an SSL/TLS certificate isn’t verified. This makes a man-in-the-middle attack possible. This is certainly big news and should be patched as quickly as possible the exploit requires the attacker to jump through a lot of hoops to exploit it. They’d have to hijack your DNS and have site that look similar enough to the real site to prompt you put in your username/password. If you’re on your home network this probably isn’t the case if you’re on public wifi it’s more likely but would involve someone first having to hack the router at the cafe and redirect it to poisoned DNS servers and have a site(s) up and running that would convince you put in your username/password, but if you’re concerned about privacy on unknown networks you are using a VPN like Private Internet Access anyway right?

FWIW this code was likely discovered because the core of Mac OS X (Darwin) is open source and the code is verifiable.

UPDATE: Apple has released an update for Mac OS X install this and all will be well.

Category: DCDan, Technology | Tags: computer, Mac OS X, security

DCDan | April 24, 2013

Using both Java 1.7 and 1.6 on Mountain Lion

Here’s the situation you need to use both JDK 1.7 and JDK 1.6 for different projects you are working on with Mac OS X. You already have Java 1.6 installed and ran the installer for Java 1.7 from Oracle but no matter what you do java -version will only show 1.6.

Here’s what you do to use 1.7 run the following:
sudo rm /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK sudo ln -s /Library/Java/JavaVirtualMachines/jdk1.7.0_21.jdk/Contents/ /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK

To use 1.6 run the following:
sudo rm /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK sudo ln -s /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK

Note you may have to adjust for the exact version for example if you installed jdk1.7.0_12.jdk.

Here’s an example:
thor:~ dan$ sudo rm /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK thor:~ dan$ sudo ln -s /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK thor:~ dan$ java -version java version "1.6.0_45" Java(TM) SE Runtime Environment (build 1.6.0_45-b06-451-11M4406) Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01-451, mixed mode) thor:~ dan$ sudo rm /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK thor:~ dan$ sudo ln -s /Library/Java/JavaVirtualMachines/jdk1.7.0_21.jdk/Contents/ /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK thor:~ dan$ java -version java version "1.7.0_21" Java(TM) SE Runtime Environment (build 1.7.0_21-b12) Java HotSpot(TM) 64-Bit Server VM (build 23.21-b01, mixed mode)