Exploit for 6-Month-Old Mac OS X Vulnerability in the Wild

Article by George Norman (Cybersecurity Editor)

on 21 May 2009

Just a couple of days ago we were laughing at Apple’s latest web banner, which touted the fact that Mac users have “no PC virus problems.” While I will admit that in day-to-day computer usage you are less likely to come up against security-related issues when using a Mac, the news that a vulnerability in Mac OS X (including Mac OS X 10.5.7) can be exploited, and that Apple knew about it for months, kind of shatters your confidence in Mac security.

The security vulnerability in question was discovered by security expert Landon Fuller; after waiting six months for Apple to fix it, he has released a proof of concept. It seems that a Java security flaw in Mac OS X could be exploited by a person with malicious intent to perform “drive-by downloads”: the user visits a web page and unknowingly downloads malware onto their machine. Since the vulnerability can be exploited via Java, you are well advised to disable Java applets in your web browser.

“Unfortunately, it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated. Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release my own proof of concept to demonstrate the issue. If you visit the following page, "/usr/bin/say" will be executed on your system by a Java applet, with your current user permissions. This link will execute code on your system with your current user permissions. The proof of concept runs on fully-patched PowerPC and Intel Mac OS X systems,” commented Landon Fuller.

Apple has acknowledged the issue and said a fix will be issued, but a specific release date has not been provided. “We are aware of the issue and we are working on a fix,” said spokesperson Monica Sarkar, refusing to comment any further.

