Ads by TechWords

See your link here
Receive the latest technology news and information.
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Angered by Apple delay, hacker posts Mac Java attack code

May 20, 2009 03:46 PM ET

Active Comments
Mike91163 says: After all, Mac users NEVER visit any "nefarious" websites. Why? They're too busy spewing their "We're the BEST!" nonsense all...
pete says: If you take a mac out of the box and connect it to a network you will get rooted. The...


IDG News Service - In an effort to draw attention to a long-standing security problem in Apple's Mac OS X operating system, a security researcher has posted attack code that exploits the flaw.

The software, which could be used by hackers to run an unauthorized system on a Mac, was posted Tuesday by Landon Fuller, a security researcher in San Francisco. It exploits a nasty bug in the Java software that ships with Mac OS X. This bug was fixed by Java's creator, Sun Microsystems, on Dec. 3, but Apple has still not included the fix in its software updates.

"Unfortunately, it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated," Fuller wrote in a blog posting describing the issue. "Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release my own proof of concept."

Fuller's proof of concept code runs Mac's Say software to make the computer say "I'm executing an innocuous user process," but it could be adapted by criminals to run malicious programs on the computer.

Security vendor SecureMac advises Mac users to disable Java in their Web browser until Apple fixes the issue. "This vulnerability could be exploited to perform 'drive-by-downloads' commonly used as a means to infect computers with spyware, or any arbitrary command with the permissions of the executing user," the company said in a note on its Web site. "All a user has to do is visit a web page hosting a malicious Java applet to be exploited."

Apple would not say when it plans to patch the bug, but a company spokeswoman said Wednesday that Apple is "aware of the issue and we are working on a fix." The company released security updates for its Mac OS software just last week.


Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.

Jump to comments

In an effort to draw attention to a long-standing security problem in Apple's Mac OS X operating system

Additional Resources

EFD vs. HDD - What You Need to Know
WHITE PAPER
Enterprise flash drives provide a new Tier 0 storage layer capable of delivering high I/O performance at a very low latency. Proper use of EFDs in an Oracle environment can deliver increased performance compared to fibre channel drives. Read the recommendations for identification of the best DB components for EFDs.
Gartner Research Report: Magic Quadrant for Application Delivery Controllers, 2009
WHITE PAPER
The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most-pressing application problems have become the top players.
Eight Criteria for Server Load Balancing
WHITE PAPER
Server load balancers are a simple yet highly effective means to scale an application environment while ensuring its availability. Today's solutions should also address application performance and security. Read about the top eight criteria you should consider when choosing a server load balancer and how Citrix NetScaler meets those requirements.

What People Are Saying

White Papers & Webcasts

High Performance for Integrating Massive Data Volumes
Processing very large data sets provides unique constraints, especially when time windows available for this processing are shrinking. This Technical White Paper presents...  

Gartner Podcast: Driving SharePoint Adoption in Lotus Notes Shops
Learn how can you drive mainstream user adoption of Microsoft SharePoint when your users are committed to using email.

IDC Webcast: Linux Adoption in a Global Recession
Access this webcast, compliments of Novell and HP, for a limited time only!

Whitepaper: Drive SharePoint Adoption in Lotus Notes Shops
Learn how you can drive your users to Microsoft SharePoint when they rely on IBM Lotus Notes.  


IT Jobs