updated 01:30 pm EDT, Wed May 20, 2009
Java vulnerability in OS X
Several Mac security companies, Intego and SecureMac, have issued warnings related to an unpatched Java vulnerability that affects OS X. The flaw could be exploited to allow local code to be executed remotely, leaving the computer open to "drive-by attacks" that can install malicious software when a user simply loads a website containing a specially crafted Java applet. Hackers could also access or delete files on a system.
Intego and security researcher Landon Fuller both claim Apple has been aware of the issue for over five months. The vulnerability poses a particularly high risk because of the potential for hackers to use privilege escalation to run system-level processes and gain total access to computers.
Although the particular malicious applets have not yet been found in the wild, Intego notes that the publicity could drive hackers to quickly attempt to exploit the vulnerability before Apple releases a patch.