toggle

AAPL Stock: 97.03 ( -0.16 )

Printed from http://www.macnn.com

Security companies warn of Java vulnerability in OS X

updated 01:30 pm EDT, Wed May 20, 2009

Java vulnerability in OS X

Several Mac security companies, Intego and SecureMac, have issued warnings related to an unpatched Java vulnerability that affects OS X. The flaw could be exploited to allow local code to be executed remotely, leaving the computer open to "drive-by-attacks" which can install malicious software just by loading a website containing a specially crafted Java applet. Hackers could also access or delete files on a system.

Intego and security researcher Landon Fuller both claim Apple has been aware of the issue for over five months. The vulnerability poses particularly high risk because of the potential for hackers to use privilege escalation to run system-level processes and gain total access to computers.

Although the particular malicious applets have not yet been found in the wild, Intego notes that the publicity could drive hackers to quickly attempt to exploit the vulnerability before Apple releases a patch.

Intego's VirusBarrier X5 already blocks potential malware, although disabling Java within the browser may serve as the best protection. Users can leave JavaScript enabled, as the issue only affects Java applets.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. simdude

    Joined: Dec 1969

    0

    so...

    Intego notes that the publicity could drive hackers to quickly attempt to exploit the vulnerability before Apple releases a patch.

    You mean the publicity you yourselves, Intego, are generating?

  1. dynsight

    Joined: Dec 1969

    +2

    Java Applet

    Um,

    Does anyone use Java Applets anymore? I mean with FLASH and AJAX, plus server side scripting, I have not run across a Java Applet in over two years.

  1. testudo

    Joined: Dec 1969

    -2

    Re: so and applet

    You mean the publicity you yourselves, Intego, are generating?

    Right. It's all Intego's fault. Because we know that hackers have no other communications methods of sharing information. They just wait for the virus companies to let them know of vulnerabilities.

    Does anyone use Java Applets anymore?

    What does that have to do with anything? Last I checked, Safari will load the java plug-in when its requested, not through user action. Thus, go to malicious web page, java app loads, boom, your infected (or whatever the concern is here).

  1. themacjedicali

    Joined: Dec 1969

    0

    Tuestudo gets it

    You are right testudo in criticising the idiots on here who have no clue and who think hackers just wiat around for these press releases. Hackers are more real-time than most would want to know The script kiddies wait for security company releases. The security companies wait for the white-hat hackers to speak up. I know of 3 fairly critical flaws in OS X right now that Apple has yet to fix for literally 2 years or more. I even showed a cute chick at the apple store how to own her bosses laptop and still nothing. I am pretty sure we are not the only ones who know about the flaws either. (we meaning my team). People need to keep aware and turn the smug faces off. I also have no clue why people vote you down when what you say is usually very logical and true. I guess apologists cant stand to have a voice of reason as opposed to choir speeches. Keep it up!

  1. sgirard

    Joined: Dec 1969

    +1

    Turn Java Off

    Turn off Java support in your web browser preferences. You don't need Java most of the time, and you will get a notice to turn it on if a Java applet needs to run. Gruber at daringfireball.com pointed a link to a demo of the vulnerability today. I tried it; it worked; I immediately turned off Java support in my browsers.

  1. testudo

    Joined: Dec 1969

    -2

    hmmm

    And do you notice that the normal spate of "Oh, OS X is just so secure! These are bogus!" commenters are extremely quiet. Oh, right, they don't like to talk during real threats. They just ignore them and speak up the next time someone reports a possible security hole...

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Razer Taipan mouse

The list of gaming devices is growing larger with each passing day. A large number of companies have entered the gaming input arena, a ...

Cambridge Audio DacMagic XS

Every computer with a microphone or headphone port has one -- a digital to analog converter (DAC). There are nearly as many chipsets a ...

D-Link Wi-Fi Smart Plug

Home automation fans have been getting their fair share of gadgets and accessories in the last few years. Starting with light bulbs, a ...

toggle

Most Commented