Menu
Angered by Apple delay, hacker posts Mac Java attack

Angered by Apple delay, hacker posts Mac Java attack

Sun fixed the Java flaw in December, but Apple hasn't shipped the update

In an effort to draw attention to an long-standing security problem in Apple's Mac OS X operating system, a security researcher has posted attack code that exploits the flaw.

The software, which could be used by hackers to run an unauthorized system on a Mac, was posted Tuesday by Landon Fuller, a security researcher in San Francisco.

It exploits a nasty bug in the Java software that ships with Mac OS X.

This bug was fixed by Java's creator, Sun Microsystems, on Dec. 3, but Apple has still not included the fix in its software updates.

"Unfortunately, it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated," Fuller wrote in a blog posting describing the issue.

"Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release my own proof of concept."

Fuller's proof of concept code runs Mac's Say software to make the computer say "I'm executing an innocuous user process", but it could be adapted by criminals to run malicious programs on the computer.

Security vendor SecureMac advises Mac users to disable Java in their Web browser until Apple fixes the issue.

"This vulnerability could be exploited to perform 'drive-by-downloads' commonly used as a means to infect computers with spyware, or any arbitrary command with the permissions of the executing user," the company said in a note on its Web site.

"All a user has to do is visit a web page hosting a malicious Java applet to be exploited."

Apple would not say when it plans to patch the bug, but a company spokeswoman said Wednesday that Apple is "aware of the issue and we are working on a fix."

The company released security updates for its Mac OS software just last week.


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags exploits and vulnerabilitiesApplejavaMac OS Xhackerhacking

Featured

Slideshows

HP channel recognised at 2017 Partner Awards

HP channel recognised at 2017 Partner Awards

The HP Partner Awards 2017 at Shed 10 kicked off with an AMD-sponsored hackers lounge, a mysterious gaming style area filled with dry ice and red lasers, the waiters wearing Mr Robot style masks.

HP channel recognised at 2017 Partner Awards
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
HP re-imagines education through Auckland event launch

HP re-imagines education through Auckland event launch

HP New Zealand held an inaugural Evolve Education event at Aotea Centre in Auckland, welcoming over 70 principals, teachers and education experts to explore ways of shaping and enhancing learning using technology.

HP re-imagines education through Auckland event launch
Show Comments