
Critical Mac OS X Java Vulnerabilities

May 20, 2009 by Ross McKillop 

As reported by Slashdot, OS X is still vulnerable to a security flaw via Java. According to bikemonkey:

(this vulnerability allows) malicious code to escape the Java sandbox and run arbitrary commands with the permissions of the executing user. This may result in untrusted Java applets executing arbitrary code merely by visiting a web page hosting the applet. The issue is trivially exploitable.

It is strongly suggested that you disable Java applets in your browsers and turn off the “Open ‘safe’ files after downloading” option in Safari.

There’s a proof of concept here which will execute /usr/bin/say and ‘read’ you a message - showing that any file you have permission to run, someone else can run too, just by embedding Java on a web page.
