In an effort to draw attention to an long-standing security problem in Apple's Mac OS X operating system, a security researcher has posted attack code that exploits the flaw.
The software, which could be used by hackers to run an unauthorized system on a Mac, was posted Tuesday by Landon Fuller, a security researcher in San Francisco. It exploits a nasty bug in the Java software that ships with Mac OS X. This bug was fixed by Java's creator, Sun Microsystems, on Dec. 3, but Apple has still not included the fix in its software updates.
"Unfortunately, it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated," Fuller wrote in a blog posting describing the issue. "Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release my own proof of concept."
Fuller's proof of concept code runs Mac's Say software to make the computer say "I'm executing an innocuous user process", but it could be adapted by criminals to run malicious programs on the computer.
Security vendor SecureMac advises Mac users to disable Java in their Web browser until Apple fixes the issue. "This vulnerability could be exploited to perform 'drive-by-downloads' commonly used as a means to infect computers with spyware, or any arbitrary command with the permissions of the executing user," the company said in a note on its Web site. "All a user has to do is visit a web page hosting a malicious Java applet to be exploited."
Apple would not say when it plans to patch the bug, but a company spokeswoman said Wednesday that Apple is "aware of the issue and we are working on a fix." The company released security updates for its Mac OS software just last week.
Rss FeedRss Feed
The Leader in Network Knowledge
Partner Content
www.bmc.com
Gartner 2009 Magic Quadrant for Job Scheduling
Gartner has positioned BMC CONTROL-M in the Leaders Quadrant of their "2009 Magic Quadrant for Job Scheduling." The report assesses the ability to execute and completeness of vision of key vendors in the marketplace. Read a full copy today, courtesy of BMC Software.
Download whitepaper
Dell's SMART Approach to Workload Automation
Read a compelling case study by EMA, Inc. to learn how Dell uses BMC CONTROL-M to cut cost and increase productivity with workload automation.
Download whitepaper
Workload Automation Cost Savings 2 Minute Video
A major computer manufacturer uses BMC CONTROL-M and just four people to schedule and run over 85,000 jobs every month. By switching to BMC CONTROL-M, they more than quadrupled the workload without adding a single staff member. See how in this 2-minute video overview.
Go to video
Comments (11)
perhaps...By Anonymous on May 21, 2009, 7:51 pmhe should have made it say something worse. Then maybe they'd care.
Reply | Read entire comment
Wait...By Anonymous on May 21, 2009, 5:14 pmWait, my TV just told me Macs don't have bugs?? What's going on? I'm so confused...
Reply | Read entire comment
Perhaps...By Anonymous on May 21, 2009, 7:21 pmhe should have made it say "If this was Windows, you wouldn't be seeing this message." _That_ would have gotten some attention from the clowns in Cupertino.
Reply | Read entire comment
Is nothing sacred?By Anonymous on May 21, 2009, 8:14 pmHow could anyone be so crude as to attack the most wonderful, most secure, most deified operating system in the world?
Reply | Read entire comment
"Working on a fix"By Anonymous on May 21, 2009, 8:40 pmAn Apple spokeswoman said "we are working on a fix"? The article previously mentions "The bug was fixed by Java's creator, Sun Microsystems ..." So what exactly...
Reply | Read entire comment
So an expert in security whoBy Anon on May 22, 2009, 6:53 amSo an expert in security who has made his career in defeating malicious attacks on personal computers has released code that could enable attacks on the only platform...
Reply | Read entire comment
View all comments