Java’s Broken Sandbox

Apple has just — finally — patched a bunch of well-known Java-related security issues with OS X. The Mac world can breathe a sigh of relief that a potential threat to people who haven’t turned off Java in their web browsers has been averted… until the next “pwn to own” competition.

The biggest security issues on the Mac all seem to be Java-related. (Once you figure out how to get OS X to “execute arbitrary code” through some other security issue, the next biggest issue is Apple’s failure to effectively implement Address Space Layout Randomization, but Java’s the main way people seem to get to that point.)

The obvious way to handle this problem would be (a) for Apple to turn off Java by default, and/or (b) have the OS ask users who have Java switched on to confirm the launch of Java applets the way it asks users to confirm the launching of newly downloaded desktop applications. (This is pretty much how Microsoft has ended up dealing with the gaping security hole that ActiveX represents.)

Even if it weren’t for Java’s abysmal security record, it would be nice to know if you’re about to load a Java applet so you could just avoid that website on principle.

And for our next trick, let’s treat Flash the same way. Indeed, it would be interesting if browsers offered users the option of ignoring Flash but loading FLV streams directly into a native player that bypassed Flash. (HTML5’s video tag is a step in that direction — the key would be to have browsers recognize FLV as a streaming video format and do an end-run around Flash-based video players.) Aside from a few cute games and FLV players, exactly what do we need Flash for anyway?