QUOTE from Slashdot....
Scary? Well... (Score:5, Interesting)
by JavaRob (28971) on Wednesday February 23, @01:53AM
(#11753164) (http://jtheory.com/)
This is a serious bug and an important security update, and
I'm not blowing that off... but I gotta live up to my
username and point out the other side of the coin.
So what happened is one version of the JVM, on OSX, has an
exploitable flaw that still leaves it less dangerous than...
well, Active-X, unflawed.
It's not as serious a problem as it looks, also. They can't
install a rootkit or anything like that, just because of the
way OSX is designed. Say you have a Mac, and browsed to a
site hosting a malicious applet (it's not a virus, so you'd
have to *go* there to be in danger, and the website creator
is obviously easier to trace than a virus writer). That
applet could overwrite your documents, and wreak a lot of
havoc, but you're not going to get owned. The Mac will
prompt you for a password before it lets any software touch
the core software (even its own security update!).