Exploit For Unpatched Vulnerability In Mac Os X - Update

[Peaches]

20 May 2009, 15:05

Exploit for unpatched vulnerability in Mac OS X - Update

"The security specialist Landon Fuller has published an exploit for Mac OS X which allows an attacker to take control of a computer by directing a user with Safari to a rigged web page. The cause of the drive-by-download hole has been known since the beginning of December 2008; known vulnerabilities in the de-serialisation of certain objects in the sandbox of the Java Virtual machine. This can allow an untrusted applet to gain higher system privileges.

Sun has since fixed the hole with Java 6 Update 11, released in December, but Apple have not followed suit. Since Apple, according to Fuller, have ignored the obvious error for six months, he decided to demonstrate that the hole really is exploitable. In a short test, The H Security tried Fuller's proof of concept and noted the applet exploited the program /usr/bin/say to make the system say "I am executing an innocuous user process" on an Intel Mac with the latest Mac OS X 10.5.7 running.

Fuller writes that the remedy against such attacks is to disable Java applets (Safari preferences, Security tab) and disable 'Open "safe" files after downloading" (Safari preferences, General tab). The H Security found the first step to be effective in stopping the proof of concept working, but were unable to determine what effect, if any, the second step has on closing the hole."

Heise security - http://www.h-online.com/security/Exploit-f...e--/news/113337

>>>>>>>>>>>>>