$bbtitle
Apple Stock: 194.34 ( +0.3099 )
RSS RSS Twitter Twitter
Search:
AppleInsider.com Archives News Bytes Reviews Anonymous Mailer Submit Story AppleInsider Forums Mac Prices Polls Advertise on AppleInsider Contact AppleInsider
Save up to $280 on new MacBook Pros and up to $150 on brand new iMacs with special coupons: Mac Pricing Guide updated Nov 6th (Find the best prices on Macs).
Wednesday, May 20, 2009

Security firm warns of Java vulnerability in Mac OS X

By Sam Oliver

Published: 06:30 PM EST

The version of Java that Apple currently includes with Mac OS X contains a critical security vulnerability that has gone unrepaired for months and may put Mac OS X users at risk, Mac security software developer Intego said Wednesday.

The firm says that Java, which can be used to write standalone applications that run across multiple platforms or applets that are embedded in web pages, has a serious flaw that could allow local code on a user's Mac to be executed remotely.

"This can lead to 'drive-by attacks,' where users are attacked simply by visiting a malicious web site and loading a web page," the firm said.

The exploit could allow a third-party to execute code, access or delete files, or run applications on the compromised machine. Combined with other exploits, hackers could even potentially run system-level processes and gain total access over the affected Mac.

Since the vulnerability relies solely on Java, with no native code required, it theoretically exists in all browsers on all platforms that have not been patched. This is the case with Mac OS X 10.5.7 and earlier, meaning the vulnerability affects even the update released just a week ago.

The firm claims that Apple has been aware of the exploit for at least five months, when it was publicly disclosed and fixed by Sun, but has yet to issue a security patch. It was first discovered by Landon Fuller, who has released a proof of concept exemplifying the security hole.

Intego says it has not found any malicious applets in the wild thus far, but the publicity around this vulnerability may entice hackers to target the exploit before Apple issues a security update. The firm's VirusBarrier X5 already blocks potential malware but unless users are sure they trust the site they're viewing, simply disabling Java in the browser may provide the best protection while Apple works on a fix.

Safari


To do this, launch Safari, choose Safari > Preferences, click the Security tab, and uncheck Enable Java if it is checked. In Firefox, this setting is found on the Content tab of the program’s preferences. It is safe to leave JavaScript activated, since the vulnerability only affects Java applets.
Filed under : Mac OS X 54 Comments ] 
Story topics: Security   Print ] [ Story Link ] 


Pre-Order VMware Fusion 3
RSS
RSS
RSS
Mac Poker players can play Full Tilt Poker for Mac and get 100% to $600 free with bonus code MP600, courtesy of Online Poker Mac
AppleInsider Features
Hot Forum Topics

Recent Articles
Doom game creator suggests Apple embarrassed about iPhone gaming
Report: Apple to launch Verizon iPhone in Q3 2010
Apple unveils holiday shopping in-store pickup option
Apple's Broadway store to open Saturday, Nov. 14
Bizarre lawsuits connect Apple with Sarah Jessica Parker, Lil' Wayne
Apple predicted to countersue in legal battle with Nokia
Windows 7 tops Vista software sales, lags behind in hardware
Report: Apple testing RFID swipe support in iPhone prototypes
Inside Google's Android and Apple's iPhone OS as core platforms
Apple looks to hire new iPhone OS security manager
Apple investigating 'Grab & Go' simplified cross-platform sync
Apple co-founder Steve Jobs named Fortune 'CEO of the Decade'
Review roundup: Motorola Droid, Verizon's first Android handset
Apple's latest 10.6.2 beta packs fixes for VMWare, iMacs, Apple TV
Latest Snow Leopard build resurrects Atom compatibility
Bell, Telus provide new iPhone competition in Canada
'Art project' video game attacks Apple Mac machines
Hacker cracks Apple's latest iPhone 3GS security measures
The Beatles go digital with apples, but still not Apple's iTunes
Apple announces App Store offerings top 100,000
Apple launches iTunes Music Movies with exclusive content
Parallels Desktop 5 for Mac claims speed superiority
AT&T brings lawsuit against Verizon over 'Map' ad campaign
Canalys Q3 2009: iPhone, RIM taking over smartphone market
Hit-or-miss site claims 4G iPhone part; French exclusivity ends
Despite disappointing China debut, iPhone's 2010 predicted to be strong
Philadelphia's first Apple store moves closer to reality
Exclusive look at Apple's new iPod touch-based EasyPay checkout
China Unicom gains 5,000 iPhone subscribers from launch
iPhone makes enterprise market inroads for Apple
Apple pitches $30-a-month iTunes TV subscriptions - report
Apple's iPhone sees tepid sales debut in China
Apple's 2010 capital expenditures could signal major investments
Apple rumored to disable Atom support with Mac OS X 10.6.2
Apple advertising guru says he's 'not going anywhere'
First Look: Apple's 27" big screen iMac
Last chance this year to save an extra 3% on iMacs, white MacBooks
Visionary behind Apple's '1984' advertisement steps down
Flash playback issues reported on Apple's new 27-inch iMacs
Apple expands school initiative with Atlanta MacBook program

AppleInsider Market Place

Sell your Laptop - working or not. Free shipping.: Get an instant online quote and sell your laptop today !

Believe in Office: Save Up To 25% on Office 2004 For Mac. Visit Our Site for Details!

IBackup - SMB Online Backup: IBackup is the preferred online storage and backup service of choice for SMBs for its ease of use, security and value. Offers automated backup and restore, file selection and securiy.

Download free software - everyday updated freeware files

 
Advertisements








AppleInsider RSS Feed
AppleInsider © 1997-2008
Please review our Privacy Policy.
Written/Edited/Compiled by the AppleInsider Staff.