Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Intego Security Memo: Java/Evasion.A Java Vulnerability

May 2009 by Intego Security Alert

Exploit: Java/Evasion.A

Discovered: May 19, 2009

Risk: Serious

Description: A critical vulnerability in the version of Java included with Mac OS X
currently puts Macs at serious risk. Java, a programming language that can allow
applications to run easily on multiple platforms and embedded in web pages, has a
serious flaw that can allow local code to be executed remotely. This can lead to “driveby
attacks”, where users are attacked simply by visiting a malicious web site and
loading a web page. If a Java applet is loaded in a web browser, and malicious code is
run, this flaw can allow hackers to run code and potentially access or delete files on any
Mac, and run applications for which the user has permission. In addition, if this flaw is
executed together with a privilege escalation vulnerability, hackers could remotely run
any system-level process and get total access to any Mac.
Apple has been aware of this vulnerability for at least five months, since it was made
public, but has neglected to issue a security update to protect against this issue. Security
researcher Landon Fuller has published, on his web site, a proof-of-concept Java applet
that exploits this vulnerability to demonstrate how easy it is to run code remotely.

Malicious Java applets can also be circulated by other means, for example, as
attachments to e-mail messages. A program called Applet Launcher allows users to run
Java applets by double-clicking them.

For now, Intego has not found any malicious applets in the wild, but the publicity
around this vulnerability will mean that hackers are likely to attempt to exploit it
quickly, before Apple issues a security update. VirusBarrier X5 currently blocks this
proof-of-concept malware, and will be updated to block any malicious Java applets that
are discovered.

Means of protection: The best way to protect against this exploit is to deactivate Java
in your web browser. In Safari, choose Safari > Preferences, click the Security tab, and
uncheck Enable Java if it is checked. It is safe to leave Enable JavaScript activated,
since this vulnerability only affects Java applets.

If you use Firefox, this setting is found on the Content tab of the program’s preferences.
Intego VirusBarrier X5 with virus definitions dated May 20, 2009 or later detects this
proof-of-concept applet and will be updated to block any malicious Java applets that are
discovered. Intego recommends that users never download and install software from
untrusted sources or questionable web sites, and that people use care when opening
unexpected attachments to e-mail messages, even from friends and colleagues.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts