resource center
  See your link here
|
IDG News Service - In an effort to draw attention to a long-standing security problem in Apple's Mac OS X operating system, a security researcher has posted attack code that exploits the flaw.
The software, which could be used by hackers to run an unauthorized system on a Mac, was posted Tuesday by Landon Fuller, a security researcher in San Francisco. It exploits a nasty bug in the Java software that ships with Mac OS X. This bug was fixed by Java's creator, Sun Microsystems, on Dec. 3, but Apple has still not included the fix in its software updates.
"Unfortunately, it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated," Fuller wrote in a blog posting describing the issue. "Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release my own proof of concept."
Fuller's proof of concept code runs Mac's Say software to make the computer say "I'm executing an innocuous user process," but it could be adapted by criminals to run malicious programs on the computer.
Security vendor SecureMac advises Mac users to disable Java in their Web browser until Apple fixes the issue. "This vulnerability could be exploited to perform 'drive-by-downloads' commonly used as a means to infect computers with spyware, or any arbitrary command with the permissions of the executing user," the company said in a note on its Web site. "All a user has to do is visit a web page hosting a malicious Java applet to be exploited."
Apple would not say when it plans to patch the bug, but a company spokeswoman said Wednesday that Apple is "aware of the issue and we are working on a fix." The company released security updates for its Mac OS software just last week.
IDG.net
High Performance for Integrating Massive Data Volumes
Processing very large data sets provides unique constraints, especially when time windows available for this processing are shrinking. This Technical White Paper presents...
Gartner Podcast: Driving SharePoint Adoption in Lotus Notes Shops
Learn how can you drive mainstream user adoption of Microsoft SharePoint when your users are committed to using email.
Improve Operational Efficiencies
Download Now
IDC Webcast: Linux Adoption in a Global Recession
Access this webcast, compliments of Novell and HP, for a limited time only!
Whitepaper: Drive SharePoint Adoption in Lotus Notes Shops
Learn how you can drive your users to Microsoft SharePoint when they rely on IBM Lotus Notes.
Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management
Download this webcast, free, compliments of Nokia.
7 Tricks and Tips for Windows 7 - Part 1
Download Now
Data in Action: Making the Planet Smarter
Register Now
7 Tricks and Tips for Windows 7 - Part 2
Download Now
Sign up to receive updates on the latest Operating Systems resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2010 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
