IT Security NEWS
20 May 2009
Update on Unfixed Vulnerability of Mac
Landon Fuller, a security specialist, has published an exploit for Mac OS X that lets attackers take control of a machine by luring a Safari user to a malicious web page. The underlying hole has been known to the developer community since the start of December last year: it is a drive-by-download bug in the deserialization of certain objects in the Java Virtual Machine's sandbox, and it is this flaw that lets malicious applets gain higher system privileges.
Sun patched the bug in Java 6 Update 11, released in the same month the hole was reported, but Apple has not followed suit. Because Apple has left this known error unpatched for half a year now, Fuller decided to demonstrate that the hole really is exploitable. In a brief test on an Intel Mac running the current Mac OS X 10.5.7, Fuller showed that the applet can invoke /usr/bin/say to make the system speak the sentence "I am executing a harmless user process".
Fuller recommends two mitigations: uncheck "Open 'safe' files after downloading" on the General tab of Safari's preferences, and disable Java applets on the Security tab. Further tests showed that the second step does block the exploit, but whether the first step has any effect on the problem is still unclear.
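The two Safari settings described above can be checked and set from the shell instead of by clicking through the preference panes, which is handy when several Macs have to be covered quickly. The script below is an added example, not code from the article or from Fuller; it assumes (the article does not say this) that Safari stores these settings in the com.apple.Safari defaults domain under the keys WebKitJavaEnabled and AutoOpenSafeDownloads, and that an absent key means Safari's default, i.e. the feature is enabled.

```shell
#!/bin/sh
# Added example (not from the article or from Fuller): audit, and optionally
# apply, the two Safari settings the advisory names.
# Assumptions: Safari keeps them in the com.apple.Safari defaults domain under
# WebKitJavaEnabled and AutoOpenSafeDownloads; a missing key means "enabled".
# Usage: sh safari_java_audit.sh [--fix]

SAFARI_DOMAIN="com.apple.Safari"

# read_pref KEY: prints the stored value (typically 1 or 0), or "unset" when
# the key has never been written or the defaults tool is unavailable.
read_pref() {
    defaults read "$SAFARI_DOMAIN" "$1" 2>/dev/null || echo unset
}

# is_enabled VALUE: succeeds (exit 0) when VALUE means the feature is on.
# Anything but an explicit off value counts as on, because Safari ships with
# both features enabled by default.
is_enabled() {
    case "$1" in
        0|false|FALSE|no|NO) return 1 ;;
        *) return 0 ;;
    esac
}

# audit JAVA_VALUE AUTOOPEN_VALUE: prints one finding per setting and
# returns 0 only when both mitigations are in place.
audit() {
    rc=0
    if is_enabled "$1"; then
        echo "RISK: Java applets are enabled in Safari (WebKitJavaEnabled=$1)"
        rc=1
    else
        echo "OK:   Java applets are disabled in Safari"
    fi
    if is_enabled "$2"; then
        echo "WARN: 'Open safe files after downloading' is on (AutoOpenSafeDownloads=$2)"
        rc=1
    else
        echo "OK:   'Open safe files after downloading' is off"
    fi
    return $rc
}

# apply_mitigations: writes both settings to their safe state. Safari reads
# its preferences at launch, so quit and restart it afterwards.
apply_mitigations() {
    defaults write "$SAFARI_DOMAIN" WebKitJavaEnabled -bool false
    defaults write "$SAFARI_DOMAIN" AutoOpenSafeDownloads -bool false
}

main() {
    if [ "$1" = "--fix" ]; then
        apply_mitigations
    fi
    audit "$(read_pref WebKitJavaEnabled)" "$(read_pref AutoOpenSafeDownloads)"
}

# Only run the live audit where the defaults tool exists, i.e. on a Mac.
if command -v defaults >/dev/null 2>&1; then
    main "$@"
fi
```

Run it without arguments to audit a machine, or with --fix to write both settings and re-audit; the exit status is 0 only when Java applets are off and automatic opening of "safe" files is off, so it can be used from a login hook or inventory script. Note that this only covers Safari: Firefox on the same Mac uses the system Java as well and has to be handled separately.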
Besides Apple's own Java implementation, version 1.0.3 of the SoyLatte Java port is also affected; the current SoyLatte release, however, has already been patched. A detailed description of the vulnerability and how it can be exploited was published in a blog post by Julien Tinnes.
Heise Security's own tests showed that Firefox on Mac OS X is also vulnerable, because the open source browser uses the affected Java version installed on the operating system. Mac OS X users of Safari and Firefox alike are therefore advised to disable Java immediately until a patch for the bug is available.
Georg Wicherski, on the other hand, has criticized Fuller for releasing an easily decompilable proof of concept and has published part of the decompiled source of the exploit on his own blog. He decompiled the proof of concept with the jad decompiler, something any attacker could do just as easily, and showed that almost anyone with a Java compiler could turn Fuller's proof of concept into a working drive-by exploit for Mac OS X.