SecureMac, Inc.

Critical Mac OS X Java Vulnerability Proof of Concept

Posted on May 19, 2009

Security Risk: Critical

Today, Landon Fuller posted a proof-of-concept exploit for an unpatched vulnerability in the Java Runtime Environment currently in use by OS X. While this particular proof-of-concept is meant to be harmless, the vulnerability itself currently affects OS X, including OS X 10.5.7, the latest shipping version. This vulnerability could be exploited to perform “drive-by downloads,” commonly used as a means to infect computers with spyware, or to run any arbitrary command with the permissions of the executing user. All a user has to do to be exploited is visit a web page hosting a malicious Java applet. Until Apple patches its implementation of Java, we recommend that users disable Java applets in their web browser.

Users can disable Java applets in Safari by opening Safari preferences, clicking the Security tab, and unchecking the “enable java” checkbox. Users should also disable the ‘open “safe” files after downloading’ option under the General tab of the Safari preferences. This vulnerability can also be exploited in the Firefox web browser, or any browser that can run Java applets. Further information about this exploit can be found at:

SecureMac will keep users updated as more news about this exploit becomes available.
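
The two Safari settings named above can also be checked from Terminal, which helps when auditing several Macs. This is an added example, not part of the original advisory; the preference key names `WebKitJavaEnabled` and `AutoOpenSafeDownloads` and the treatment of an unset key as "on" are assumptions.

```shell
#!/bin/sh
# Audit the two Safari settings the advisory says to turn off.
# Assumed preference keys in the com.apple.Safari domain (not from the page):
#   WebKitJavaEnabled     -> "enable java" checkbox (Security tab)
#   AutoOpenSafeDownloads -> 'open "safe" files after downloading' (General tab)
# Assumption: a key that was never written means Safari uses its default, "on".

SAFARI_DOMAIN="com.apple.Safari"

# Print "on" or "off" for one preference key.
# `defaults read` prints 1/0 for booleans and fails when the key is unset.
pref_state() {
    value=$(defaults read "$SAFARI_DOMAIN" "$1" 2>/dev/null) || value="unset"
    case "$value" in
        0|false|NO|no) echo "off" ;;
        *)             echo "on"  ;;   # 1, true, or unset (default on)
    esac
}

# Print one line per setting; return 0 only when both are off.
audit_safari() {
    rc=0
    for key in WebKitJavaEnabled AutoOpenSafeDownloads; do
        state=$(pref_state "$key")
        if [ "$state" = "on" ]; then
            echo "RISK $key is on (or unset, default on)"
            rc=1
        else
            echo "OK   $key is off"
        fi
    done
    return "$rc"
}

# Run the audit only where the `defaults` tool exists (i.e. on OS X).
if command -v defaults >/dev/null 2>&1; then
    audit_safari || echo "Turn off the settings flagged above in Safari preferences."
fi
```

The script only reads preferences for the current user; run it in each user account that browses the web.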
