Viruses/Worms News

Ex-Apple engineer posts proof of concept for Mac OS X flaw

Wednesday, May 20, 2009

A former employee of Apple yesterday posted a proof of concept on his blog for a months-old security flaw in Mac OS X that he said Apple has ignored.

Landon Fuller, formerly an engineer for Apple, said on his blog that he published proof-of-concept for a Java vulnerability that has not been plugged by Apple because "it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated."

The blog features a link that Fuller said will execute malicious code on fully-patched PowerPC and Intel Mac OS X systems.

The vulnerability, which was uncovered six months ago, allows malicious code from Java to run arbitrary commands with the permissions of the executing user, Fuller said in the blog, which he posted Tuesday.

Untrusted Java applets could then execute arbitrary code if a user visits a web page hosting the applet, the blog said.

"Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release a my own proof of concept to demonstrate the issue," Fuller wrote.
ADNFCR-1765-ID-19179199-ADNFCR

Related News:

Researchers: Malware attackers reloading for Windows 7 assaults - 11.20.2009
A report issued yesterday by computer security firm Symantec says that hackers are undoubtedly reworking their malicious software to target Windows 7 as more users switch to the latest version of Microsoft's flagship OS.

Want to secure your iPhone against intruders? There's an app for that - 11.20.2009
Cisco Systems today released a free iPhone app that will allow users to receive security updates and the latest news on web threats, as well as aggregating additional security related content for iPhone users.

Microsoft says 64-bit versions of Windows are harder to infect - 11.19.2009
Members of Microsoft's security team write that 64-bit editions of Windows are much less susceptible to malware attacks, but outside experts caution that 64-bit malware could be the next big thing in cyber crime.

Google coming down hard on malicious advertisers - 11.18.2009
Search giant Google has said that it will lay down the law where scam artists and malvertisers are concerned: Permanent bans will be the result of any fraudulent activity on the company's AdWords service.

If at first you don't succeed: Most malware protection fails first round of certification testing - 11.17.2009
A study performed by security testing and research firm ICSA Labs says that almost four out of five computer security products fail their first certification tests and need to be retooled for a second and sometimes a third attempt.
View Related Resources
Or
Watch an Online Demo
Or
Have us call you now