Peaches Posted May 20, 2009

Six months on, Macs still plagued by critical Java vuln
No Java applets for you!
By Dan Goodin in San Francisco
19th May 2009 18:05 GMT

"More than six months after Sun Microsystems warned that a flaw in its Java virtual machine made it trivial for attackers to execute malware on end users' machines, the vulnerability remains unpatched on Apple's Mac platform.

Most other operating systems, including Windows and major Linux distributions, fixed the bug months ago. That's a good thing given it is actively being exploited in the wild. Penetration testers, including Immunity and VUPEN Security, consider the threat significant enough to offer their customers exploit code that tests against the bug.

"This bug, and others like it, are essentially 'write once, own all' type deals," Immunity researcher Bas Alberts wrote in an email to The Reg. "So yeah, they're fairly interesting to people on the offense side of the fence."

Full article at The Register - http://www.theregister.co.uk/2009/05/19/un..._vulnerability/

isteve Posted May 20, 2009

If any Mac users are worried about this, you can either make sure "open safe files after downloading" in Safari preferences isn't enabled or uncheck the Java enable preference. Or run Firefox with NoScript.

As of now this is just a proof of concept; there are no Mac exploits in the wild. And if an exploit does hit before Sun issues a patch, remember: never install an app you didn't download.

iccaros Posted May 20, 2009

oh..

"Security researchers say that Mac OS X users are vulnerable to a critical, 6-month-old, remote vulnerability in Java, a component that is enabled by default in Web browsers on this platform. Julien Tinnes notes that this vulnerability differs from typical Java security flaws in that it is 'a pure Java vulnerability' and doesn't involve any native code. It affected not only Sun's Java but other implementations such as OpenJDK, on multiple platforms, including Linux and Windows. 'This means you can write a 100% reliable exploit in pure Java. This exploit will work on all the platforms, all the architectures and all the browsers,' Julien wrote. This bug was demonstrated during the Pwn2own security challenge this year at CanSecWest, but the details were not made public at that time. Tinnes recommends that Mac OS X users disable Java in their browsers until Apple releases a security update."

important part: on multiple platforms, including Linux and Windows

so all systems

jcl Posted May 21, 2009

> As of now this is just a proof of concept; there are no Mac exploits in the wild. And if an exploit does hit before Sun issues a patch, remember: never install an app you didn't download.

Sun fixed it last year. Apple hasn't rolled the fix into the OS X JRE.

iccaros Posted May 21, 2009

Was that not in the big patch just released by Apple??

jcl Posted May 22, 2009

> Was that not in the big patch just released by Apple??

Nope.