Security firm warns of Java flaw in Mac OS X

Macintosh security consulting firm SecureMac.com on Tuesday issued a critical warning for what it says is an unpatched Java security vulnerability in Apple’s Mac OS X.

According to the man credited with discovering it, Landon Fuller, the Java flaw even affects the latest version of Mac OS X, 10.5.7, released just a week ago. Fuller has gone so far as to release a proof of concept for the security hole.

The vulnerability could be used to perform what SecureMac refers to as “drive-by-downloads,” or the ability to infect a computer by simply visiting a Web page. Fuller explains that the flaw allows malicious code to run commands with the permissions of the current user.

In a post on his Web site, Fuller clearly seems upset and mystified that the vulnerability remains unpatched in the latest versions of the operating system.

“Unfortunately, it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated,” Fuller said on his site. “Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release my own proof of concept to demonstrate the issue.”

Fuller’s demonstration runs on “fully patched” Intel and PowerPC Macs.

The only workaround for the vulnerability is to disable the use of Java applets in your Web browsers and turn off the preference to “Open safe files after downloading” in Safari, he said.

Via cnet.com


Posted on: May 20, 2009