On May 12th, Apple released a whopper of a security update - patching a total of 67 security vulnerabilities in Mac OS X and Safari. Still, they managed to leave a five-month-old critical Java vulnerability unpatched. Yesterday, a proof of concept exploit for Apple's unpatched Java vulnerability was published on the Web, prompting Intego to issue an alert warning of likely exploits to come.
According to Intego, successful exploit "can lead to 'drive-by attacks', where users are attacked simply by visiting a malicious web site and loading a web page. If a Java applet is loaded in a web browser, and malicious code is run, this flaw can allow hackers to run code and potentially access or delete files on any Mac, and run applications for which the user has permission. In addition, if this flaw is executed together with a privilege escalation vulnerability, hackers could remotely run any system-level process and get total access to any Mac."
For the full Intego alert, see: Java/Evasion.A Java Vulnerability.
I would say "folks, it's time to patch your systems", but Apple has yet to provide such a patch. Your best bet is to stop using Safari, switch to Firefox and install the NoScript addon to guard against hostile websites.Comments
No comments yet. Leave a Comment