Angered by Apple delay, hacker posts Mac Java attack

Sun fixed the Java flaw in December, but Apple hasn't shipped the update

In an effort to draw attention to an long-standing security problem in Apple's Mac OS X operating system, a security researcher has posted attack code that exploits the flaw.

The software, which could be used by hackers to run an unauthorized system on a Mac, was posted Tuesday by Landon Fuller, a security researcher in San Francisco.

It exploits a nasty bug in the Java software that ships with Mac OS X.

This bug was fixed by Java's creator, Sun Microsystems, on Dec. 3, but Apple has still not included the fix in its software updates.

"Unfortunately, it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated," Fuller wrote in a blog posting describing the issue.

"Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release my own proof of concept."

Fuller's proof of concept code runs Mac's Say software to make the computer say "I'm executing an innocuous user process", but it could be adapted by criminals to run malicious programs on the computer.

Security vendor SecureMac advises Mac users to disable Java in their Web browser until Apple fixes the issue.

"This vulnerability could be exploited to perform 'drive-by-downloads' commonly used as a means to infect computers with spyware, or any arbitrary command with the permissions of the executing user," the company said in a note on its Web site.

"All a user has to do is visit a web page hosting a malicious Java applet to be exploited."

Apple would not say when it plans to patch the bug, but a company spokeswoman said Wednesday that Apple is "aware of the issue and we are working on a fix."

The company released security updates for its Mac OS software just last week.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags exploits and vulnerabilitiesApplejavaMac OS Xhackerhacking

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?