Does Flashback affect Doze?

I presume Doze can use Java too. Does anyone know if any variant of
Flashback affects that OS? If not, why not? TIA

In article <fmoore->,
Fred Moore <> wrote:

> I presume Doze can use Java too. Does anyone know if any variant of
> Flashback affects that OS? If not, why not? TIA

the vulnerability was patched months ago on windows.

Lloyd <> wrote:

> In article <090420121335028031%>,
> nospam <> wrote:
>
> > In article <fmoore->,
> > Fred Moore <> wrote:
> >
> > > I presume Doze can use Java too. Does anyone know if any variant of
> > > Flashback affects that OS? If not, why not? TIA
> >
> > the vulnerability was patched months ago on windows.
>
> So has there been a more recent patch?

No, there hasn't. Java 6 Update 31 is the current version.

> If not, Windows Java is at risk again.

What gives you that idea? If there _had_ been a more recent Java patch
then new vulnerabilities would have been announced, which means _Mac_
users and Windows users who have not installed the latest Java update
would be at risk of new variants of malcious software.

If Oracle has not released a more recent Java patch then they also
haven't announced any new known vulnerabilities, so the malware authors
would have to expend more effort to find previously unknown security
issues and exploit them. (Announced vulnerabilities give the malware
authors a much more targetted area to probe.)

Oracle released Java 6 Update 31 in February. It took Apple about two
months to release the Mac version, which gave malware authors a
reasonable window in which to locate and exploit a published
vulnerability, and to get widespread distrubution to Macs, a high
proportion of which were vulnerable and had no Java patch available to
fix the problem.

--
David Empson