|
INTEGO SECURITY MEMO - May 20, 2009
Exploit: Java/Evasion.A Discovered: May 19, 2009 Risk: Serious Description: A critical vulnerability in the version of Java included with Mac OS X currently puts Macs at serious risk. Java, a programming language that can allow applications to run easily on multiple platforms and embedded in web pages, has a serious flaw that can allow local code to be executed remotely. This can lead to “drive-by attacks”, where users are attacked simply by visiting a malicious web site and loading a web page. If a Java applet is loaded in a web browser, and malicious code is run, this flaw can allow hackers to run code and potentially access or delete files on any Mac, and run applications for which the user has permission. In addition, if this flaw is executed together with a privilege escalation vulnerability, hackers could remotely run any system-level process and get total access to any Mac. Apple has been aware of this vulnerability for at least five months, since it was made public, but has neglected to issue a security update to protect against this issue. Security researcher Landon Fuller has published, on his web site, a proof-of-concept Java applet that exploits this vulnerability to demonstrate how easy it is to run code remotely. Malicious Java applets can also be circulated by other means, for example, as attachments to e-mail messages. A program called Applet Launcher allows users to run Java applets by double-clicking them. For now, Intego has not found any malicious applets in the wild, but the publicity around this vulnerability will mean that hackers are likely to attempt to exploit it quickly, before Apple issues a security update. VirusBarrier X5 currently blocks this proof-of-concept malware, and will be updated to block any malicious Java applets that are discovered.
If you use Firefox, this setting is found on the Content tab of the program’s preferences. Intego VirusBarrier X5 with virus definitions dated May 20, 2009 or later detects this proof-of-concept applet and will be updated to block any malicious Java applets that are discovered. Intego recommends that users never download and install software from untrusted sources or questionable web sites, and that people use care when opening unexpected attachments to e-mail messages, even from friends and colleagues.
Intego provides the widest range of software to protect users and their Macs from the dangers of the Internet. Intego's multilingual software repeatedly receives awards from Mac magazines, and protects more than one million users in over 60 countries. Intego has headquarters in the USA, France and Japan. We protect your world. |
This is a very low priority vulnerability that requires the malicious code it can run to be "local"... in other words, already installed on your computer.
"In addition, if this flaw is executed together with a privilege escalation vulnerability, hackers could remotely run any system-level process and get total access to any Mac."
Here Intego raises the specter of a Java Applet invoking a hypothetical privilege escalating vulnerability (since the Java Applet can only invoke already existing apps, it's worth noting that a privilege escalating app is something that does not exist) to further raise FUD about pwning your Mac and make you rush out and buy their anti-V product.
If you are worried about this so far unexploited Java vulnerability, use the instructions above from Intego to disable Safari from using Java. Oh, and don't download and install Applet Launcher.
