Intego Security Memo: Java/Evasion.A Java Vulnerability
May 2009 by Intego Security Alert
Discovered: May 19, 2009
Description: A critical vulnerability in the version of Java included with Mac OS X currently puts Macs at serious risk. Java, a programming language that can allow applications to run easily on multiple platforms and embedded in web pages, has a serious flaw that can allow local code to be executed remotely. This can lead to “driveby attacks”, where users are attacked simply by visiting a malicious web site and loading a web page. If a Java applet is loaded in a web browser, and malicious code is run, this flaw can allow hackers to run code and potentially access or delete files on any Mac, and run applications for which the user has permission. In addition, if this flaw is executed together with a privilege escalation vulnerability, hackers could remotely run any system-level process and get total access to any Mac. Apple has been aware of this vulnerability for at least five months, since it was made public, but has neglected to issue a security update to protect against this issue. Security researcher Landon Fuller has published, on his web site, a proof-of-concept Java applet that exploits this vulnerability to demonstrate how easy it is to run code remotely.
Malicious Java applets can also be circulated by other means, for example, as attachments to e-mail messages. A program called Applet Launcher allows users to run Java applets by double-clicking them.
For now, Intego has not found any malicious applets in the wild, but the publicity around this vulnerability will mean that hackers are likely to attempt to exploit it quickly, before Apple issues a security update. VirusBarrier X5 currently blocks this proof-of-concept malware, and will be updated to block any malicious Java applets that are discovered.
If you use Firefox, this setting is found on the Content tab of the program’s preferences. Intego VirusBarrier X5 with virus definitions dated May 20, 2009 or later detects this proof-of-concept applet and will be updated to block any malicious Java applets that are discovered. Intego recommends that users never download and install software from untrusted sources or questionable web sites, and that people use care when opening unexpected attachments to e-mail messages, even from friends and colleagues.