
Security companies warn of Java vulnerability in OS X

updated 01:30 pm EDT, Wed May 20, 2009

Java vulnerability in OS X

Mac security companies Intego and SecureMac have issued warnings related to an unpatched Java vulnerability that affects OS X. The flaw could be exploited to allow local code to be executed remotely, leaving the computer open to "drive-by attacks" that can install malicious software just by loading a website containing a specially crafted Java applet. Hackers could also access or delete files on a system.

Intego and security researcher Landon Fuller both claim Apple has been aware of the issue for over five months. The vulnerability poses particularly high risk because of the potential for hackers to use privilege escalation to run system-level processes and gain total access to computers.

Although the particular malicious applets have not yet been found in the wild, Intego notes that the publicity could drive hackers to quickly attempt to exploit the vulnerability before Apple releases a patch.

Intego's VirusBarrier X5 already blocks potential malware, although disabling Java within the browser may serve as the best protection. Users can leave JavaScript enabled, as the issue only affects Java applets.

by MacNN Staff



  1. simdude

    Joined: Dec 1969



    Intego notes that the publicity could drive hackers to quickly attempt to exploit the vulnerability before Apple releases a patch.

    You mean the publicity you yourselves, Intego, are generating?

  1. dynsight

    Joined: Dec 1969


    Java Applet


    Does anyone use Java Applets anymore? I mean with FLASH and AJAX, plus server side scripting, I have not run across a Java Applet in over two years.

  1. testudo

    Joined: Dec 1969


    Re: so and applet

    You mean the publicity you yourselves, Intego, are generating?

    Right. It's all Intego's fault. Because we know that hackers have no other communications methods of sharing information. They just wait for the virus companies to let them know of vulnerabilities.

    Does anyone use Java Applets anymore?

    What does that have to do with anything? Last I checked, Safari will load the java plug-in when it's requested, not through user action. Thus, go to malicious web page, java app loads, boom, you're infected (or whatever the concern is here).

  1. themacjedicali

    Joined: Dec 1969


    Testudo gets it

    You are right testudo in criticising the idiots on here who have no clue and who think hackers just wait around for these press releases. Hackers are more real-time than most would want to know. The script kiddies wait for security company releases. The security companies wait for the white-hat hackers to speak up. I know of 3 fairly critical flaws in OS X right now that Apple has yet to fix for literally 2 years or more. I even showed a cute chick at the apple store how to own her boss's laptop and still nothing. I am pretty sure we are not the only ones who know about the flaws either. (we meaning my team). People need to keep aware and turn the smug faces off. I also have no clue why people vote you down when what you say is usually very logical and true. I guess apologists can't stand to have a voice of reason as opposed to choir speeches. Keep it up!

  1. sgirard

    Joined: Dec 1969


    Turn Java Off

    Turn off Java support in your web browser preferences. You don't need Java most of the time, and you will get a notice to turn it on if a Java applet needs to run. Gruber at pointed a link to a demo of the vulnerability today. I tried it; it worked; I immediately turned off Java support in my browsers.

  1. testudo

    Joined: Dec 1969



    And do you notice that the normal spate of "Oh, OS X is just so secure! These are bogus!" commenters are extremely quiet. Oh, right, they don't like to talk during real threats. They just ignore them and speak up the next time someone reports a possible security hole...
