MacUpdate Weekend Sale :This weekend MacUpdate has slashed prices on Painter 12 and Painter Lite. Painter 12 retails for $429, but has been reduced by 54% to $199. Painter Lite has seen a 58% price cut from $69 to $29. Hurry, because these deals are only available until May 19th 2013.      
toggle

AAPL Stock: 433.26 ( -1.32 )

http://www.macnn.com/articles/09/05/20/java.vulnerability.in.os.x/

Security companies warn of Java vulnerability in OS X

updated 01:30 pm EDT, Wed May 20, 2009

 

Java vulnerability in OS X


Several Mac security companies, Intego and SecureMac, have issued warnings related to an unpatched Java vulnerability that affects OS X. The flaw could be exploited to allow local code to be executed remotely, leaving the computer open to "drive-by-attacks" which can install malicious software just by loading a website containing a specially crafted Java applet. Hackers could also access or delete files on a system.

Intego and security researcher Landon Fuller both claim Apple has been aware of the issue for over five months. The vulnerability poses particularly high risk because of the potential for hackers to use privilege escalation to run system-level processes and gain total access to computers.

Although the particular malicious applets have not yet been found in the wild, Intego notes that the publicity could drive hackers to quickly attempt to exploit the vulnerability before Apple releases a patch.

Intego's VirusBarrier X5 already blocks potential malware, although disabling Java within the browser may serve as the best protection. Users can leave JavaScript enabled, as the issue only affects Java applets.


by MacNN Staff

Post tools:

TAGS :

 security, troubleshooting, Mac OS X, Java

Related Articles

Recent Articles

toggle

Comments

  1. simdude

    Fresh-Faced Recruit

    Joined: Jun 2004

    0
    05/20, 02:31pm | report spam | Reply |

    so...

    Intego notes that the publicity could drive hackers to quickly attempt to exploit the vulnerability before Apple releases a patch.

    You mean the publicity you yourselves, Intego, are generating?

  1. dynsight

    Fresh-Faced Recruit

    Joined: May 2005

    +2
    05/20, 03:56pm | report spam | Reply |

    Java Applet

    Um,

    Does anyone use Java Applets anymore? I mean with FLASH and AJAX, plus server side scripting, I have not run across a Java Applet in over two years.

  1. testudo

    Forum Regular

    Joined: Aug 2001

    -2
    05/20, 05:42pm | report spam | Reply |

    Re: so and applet

    You mean the publicity you yourselves, Intego, are generating?

    Right. It's all Intego's fault. Because we know that hackers have no other communications methods of sharing information. They just wait for the virus companies to let them know of vulnerabilities.

    Does anyone use Java Applets anymore?

    What does that have to do with anything? Last I checked, Safari will load the java plug-in when its requested, not through user action. Thus, go to malicious web page, java app loads, boom, your infected (or whatever the concern is here).

  1. themacjedicali

    Fresh-Faced Recruit

    Joined: Nov 2007

    0
    05/20, 10:04pm | report spam | Reply |

    Tuestudo gets it

    You are right testudo in criticising the idiots on here who have no clue and who think hackers just wiat around for these press releases. Hackers are more real-time than most would want to know The script kiddies wait for security company releases. The security companies wait for the white-hat hackers to speak up. I know of 3 fairly critical flaws in OS X right now that Apple has yet to fix for literally 2 years or more. I even showed a cute chick at the apple store how to own her bosses laptop and still nothing. I am pretty sure we are not the only ones who know about the flaws either. (we meaning my team). People need to keep aware and turn the smug faces off. I also have no clue why people vote you down when what you say is usually very logical and true. I guess apologists cant stand to have a voice of reason as opposed to choir speeches. Keep it up!

  1. sgirard

    Fresh-Faced Recruit

    Joined: Aug 2005

    +1
    05/20, 11:51pm | report spam | Reply |

    Turn Java Off

    Turn off Java support in your web browser preferences. You don't need Java most of the time, and you will get a notice to turn it on if a Java applet needs to run. Gruber at daringfireball.com pointed a link to a demo of the vulnerability today. I tried it; it worked; I immediately turned off Java support in my browsers.

  1. testudo

    Forum Regular

    Joined: Aug 2001

    -2
    05/21, 08:22am | report spam | Reply |

    hmmm

    And do you notice that the normal spate of "Oh, OS X is just so secure! These are bogus!" commenters are extremely quiet. Oh, right, they don't like to talk during real threats. They just ignore them and speak up the next time someone reports a possible security hole...

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Brother HL-3170CDW LED Printer

We've mentioned before that we are far from a paperless society. For now, at least, there are tasks that require a piece of paper for ...

HTC One

It is hard to overstate just how critically important the HTC One is to the Taiwanese company’s fortunes. Despite its alarming decline ...

Samsung Galaxy S 4

Samsung's new flagship Android smartphone, the Galaxy S 4, faces even stiffer competition than its popular predecessor. With a five-in ...

toggle

Most Commented

 

Popular News