Ex-Apple engineer posts proof of concept for Mac OS X flaw
Wednesday, May 20, 2009
A former employee of Apple yesterday posted a proof of concept on his blog for a months-old security flaw in Mac OS X that he said Apple has ignored.
Landon Fuller, formerly an engineer for Apple, said on his blog that he published a proof of concept for a Java vulnerability that Apple has not yet patched because "it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated."
The blog features a link that Fuller said will execute malicious code on fully patched PowerPC and Intel Mac OS X systems.
The vulnerability, which was uncovered six months ago, allows malicious code from Java to run arbitrary commands with the permissions of the executing user, Fuller said in the blog, which he posted Tuesday.
Untrusted Java applets could then execute arbitrary code if a user visits a web page hosting the applet, the blog said.
"Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release my own proof of concept to demonstrate the issue," Fuller wrote.