Exploit for 6-months Old Mac OS X Vulnerability in the Wild
Article by George Norman
On 21 May 2009
Just a couple of days ago we were laughing at Apple’s latest web banner which touted the fact that Mac users have “no PC virus problems.” While I will admit that in your day to day computer usage you are less likely to come against security related issues when using a Mac, when news comes to light that a Mac vulnerability in Mac OS X (including Mac OS X 10.5.7 ) can be exploited, and Apple knew about it for months, kind of shatters your confidence in Mac security.

The security vulnerability in question has been discovered by security expert Landon Fuller; he is the one that after waiting six months for Apple to fix it, has released a proof of concept. It seems that a Java security flaw in Mac OS X could be exploited by a person with malicious intent to perform “drive-by-downloads” – the user visits a web page and he unknowingly downloads malware onto his machine. Since the vulnerability can be exploited via Java, you are very well advised to disable Java applets in your web browser.

Advertising

“Unfortunately, it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated. Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release a my own proof of concept to demonstrate the issue. If you visit the following page, "/usr/bin/say" will be executed on your system by a Java applet, with your current user permissions. This link will execute code on your system with your current user permissions. The proof of concept runs on fully-patched PowerPC and Intel Mac OS X systems,” commented Landon Fuller.

Apple has acknowledged the issue and said a fix will be issued, but a specific release date has not been provided. “We are aware of the issue and we are working on a fix,” said spokesperson Monica Sarkar, refusing to comment any further.



Tags: Apple, Mac OS X, Java, Security, Vulnerability, Exploit, Proof of concept
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
By George Norman on 09 Aug 2017
Android started out as an underdog, as the mobile operating system that nobody took seriously. Big-name tech companies laughed it off and critics said it would fail miserably, but Android proved them all wrong and become the powerhouse that it is today.
By George Norman on 28 Jul 2017
If you’re a big name famous person and Apple comes knocking at your door, you’re not going to say no. After all, we’ve seen celebrities use their star power to endorse technology time and time again.
By George Norman on 26 Jul 2017
Top-notch real-time protection against viruses doesn’t have to cost money, not if you go with the recently introduced Kaspersky Free antivirus solution. It may not come with a lot of bells and whistles, but it nicely covers all the basics and...
By George Norman on 31 Jul 2017
Are people taking better care of their passwords, or have their password habits changed for the worse? To get an answer to that question, data loss prevention software company Digital Guardian surveyed a thousand people about their password security habits and found that...
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Exploit for 6-months Old Mac OS X Vulnerability in the Wild
HTML Linking Code