This flaw in the way the OS handles Java is present in all versions of OS X, even the latest version, 10.5.7. The vulnerability could be used to infect a system just by visiting a compromised page.
Once the user has browsed to that page, the code can be executed at the same permissions level as the currently logged-in user.
Now, given the hype that Macs are impervious to malicious code, it is likely that this could be easily exploited by a ne'er-do-well bent on hacking into your pricey and clean new Mac. After all, Mac users do not have to worry about opening suspicious links, do they?
Read more here.
The vulnerability could be used to perform what SecureMac refers to as "drive-by-downloads," or the ability to infect a computer by simply visiting a Web page. Fuller explains that the flaw allows malicious code to run commands with the permissions of the current user.
In a post on his Web site, Fuller clearly seems upset and mystified that the vulnerability remains unpatched in the latest versions of the operating system.
"Unfortunately, it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated," Fuller said on his site. "Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release my own proof of concept to demonstrate the issue."