Exploit for 6-months Old Mac OS X Vulnerability in the Wild
Article by George Norman
On 21 May 2009
Just a couple of days ago we were laughing at Apple’s latest web banner, which touted the fact that Mac users have “no PC virus problems.” While I will admit that in your day-to-day computer usage you are less likely to come up against security-related issues when using a Mac, news that a vulnerability in Mac OS X (including Mac OS X 10.5.7) can be exploited, and that Apple knew about it for months, kind of shatters your confidence in Mac security.

The security vulnerability in question has been discovered by security expert Landon Fuller, who, after waiting six months for Apple to fix it, has released a proof of concept. It seems that a Java security flaw in Mac OS X could be exploited by a person with malicious intent to perform “drive-by downloads”: the user visits a web page and unknowingly downloads malware onto their machine. Since the vulnerability can be exploited via Java, you are well advised to disable Java applets in your web browser.

“Unfortunately, it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated. Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release my own proof of concept to demonstrate the issue. If you visit the following page, "/usr/bin/say" will be executed on your system by a Java applet, with your current user permissions. This link will execute code on your system with your current user permissions. The proof of concept runs on fully-patched PowerPC and Intel Mac OS X systems,” commented Landon Fuller.

Apple has acknowledged the issue and said a fix will be issued, but a specific release date has not been provided. “We are aware of the issue and we are working on a fix,” said spokesperson Monica Sarkar, refusing to comment any further.



Tags: Apple, Mac OS X, Java, Security, Vulnerability, Exploit, Proof of concept
About the author: George Norman
George is a news editor.