Exploit for 6-Month-Old Mac OS X Vulnerability in the Wild
Just a couple of days ago we were laughing at Apple’s latest web banner, which touted the fact that Mac users have “no PC virus problems.” While I will admit that in day-to-day computer usage you are less likely to come up against security-related issues when using a Mac, the news that a vulnerability in Mac OS X (including Mac OS X 10.5.7) can be exploited, and that Apple knew about it for months, kind of shatters your confidence in Mac security.
The security vulnerability in question was discovered by security expert Landon Fuller, who, after waiting six months for Apple to fix it, has released a proof of concept. It seems that a Java security flaw in Mac OS X could be exploited by a person with malicious intent to perform “drive-by downloads”: the user visits a web page and unknowingly downloads malware onto his machine. Since the vulnerability can be exploited via Java, you are well advised to disable Java applets in your web browser.
“Unfortunately, it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated. Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release my own proof of concept to demonstrate the issue. If you visit the following page, "/usr/bin/say" will be executed on your system by a Java applet, with your current user permissions. This link will execute code on your system with your current user permissions. The proof of concept runs on fully-patched PowerPC and Intel Mac OS X systems,” commented Landon Fuller.
Apple has acknowledged the issue and said a fix will be issued, but a specific release date has not been provided. “We are aware of the issue and we are working on a fix,” said spokesperson Monica Sarkar, refusing to comment any further.
Tags: Apple, Mac OS X, Java, Security, Vulnerability, Exploit, Proof of concept





