Apple Releases Fix for Six-Month-Old Java Vulnerability in Leopard and Tiger
On June 15, 2009, Apple finally released a patch for a six-month-old critical vulnerability in Mac OS X that could enable attackers to install data-stealing malware on users' computers while they visit any infected site.
The patch fixes a Java flaw in the Leopard operating system and the new version of Tiger. Using this flaw, attackers could easily install malicious code on Mac OS X from a remote location.
The loophole could result in 'drive-by' attacks, which occur when a user visits an infected website or simply clicks on a malicious link. Moreover, Java applets are distributed to vulnerable users through e-mail messages that invite interaction as part of a social engineering scheme.
After successful execution of the malicious code, hackers get full user rights to run applications, delete or change programs, steal personal or critical information, and even shut down the user's system.
The Java flaw first became public in December 2008, but it caught the attention of security experts in May 2009, when Landon Fuller, a former Apple engineer, demonstrated a proof-of-concept on his website. The demonstration was mainly aimed at showing how the vulnerability could be exploited to execute malicious attacks or attempts to take control of a user's system.
Fuller also wrote in his blog post that it was unfortunate that many critical flaws in Mac OS X were ignored unless an appropriate demonstration of the dangers from these flaws was given, as reported by Channel Web on June 15, 2009.
Knowing that an exploit for the vulnerability was easily available and that the flaw had been brought to public notice six months earlier, he decided to come up with his own proof-of-concept to highlight the dangers associated with it, Fuller said.
The security community strongly criticized Apple for its slow response in fixing a vulnerability that had been known for the last six months.
The company has now asked users of Leopard and OS X Tiger systems to install the update in order to remain secure from attacks.
Interestingly, security experts have said that Apple's patch followed another security warning that researchers had issued to Mac users a few days earlier. The warning related to the discovery of a malicious Trojan targeted at OS X.
» SPAMfighter News - 19-06-2009