So MacOS X users, please disable Java in your web browser. This is close to the holy grail of client-side vulnerabilities.” This exploit will work on all the platforms, all the architectures and all the browsers!” he warns, “Mine has been tested on Firefox, IE6, IE7, IE8, Safari and on MacOS X, Windows, Linux and OpenBSD and should work anywhere. This means you can write a 100% reliable exploit in pure Java.
Java 1.6 mac os how to#
After a lot of technical talk about how to exploit it, he concludes that it’s pretty special. Google employee Julien Tinnes details on his blog just how dangerous this security flaw is for Mac users.
It can be used to create a “write once, exploit everywhere” exploit, assuming you do not have applied a fix for this one yet, which at this point comes down to just Mac OS X users. Now, we have to take a closer look at just how serious this flaw is. While most operating systems have mostly been patched by now, because they use Sun’s JRE or any of the other fixed implementations, Apple’s impementation still hasn’t been fixed (not even in last week’s 10.5.7 update). This bug is pretty old, first reported to Sun in August last year. There’s one important shipping Java implementation that still has not been fixed to remove this security flaw: Apple’s Java. This flaw was present in OpenJDK, GIJ, icedtea and Sun’s JRE, but it got fixed in those. Six months ago, a certain security flaw in Java was fixed by Sun.
0 kommentar(er)
