Specifically, the security update addresses a Java flaw in both the Leopard and later versions of the Tiger operating systems that could allow hackers to execute malicious code remotely on the Mac OS X. The flaw can lead to "drive-by" attacks, which leave users susceptible to becoming infected simply by visiting a malicious Web site or clicking on an infected link. Malicious Java applets also can be distributed as attachments to e-mail messages, usually delivered in a social engineering scheme.
Java is a programming language that allows applications to run easily on multiple platforms and is embedded in Web pages.
Once malware is installed, hackers can then change or delete programs, view and steal sensitive information, run applications with full user rights or entirely shut down a user's Mac.
The Java flaw, which was first published in December 2008, came into the public eye again last month after security researcher Landon Fuller published a proof-of-concept exploit code on his Web site demonstrating how the vulnerability could be exploited in the wild to execute malicious attacks or take control of a user's computer.
"Unfortunately, it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated," Fuller said in a blog post. "Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been made public knowledge for six months, I have decided to release my own proof of concept to demonstrate the issue."
Apple has come under fire from the security community for failing to address the Java bug for at least six months after it was first published.
While the Java error was made public and patched by its creator Sun Microsystems on Dec. 3, until Monday it had yet to be addressed with an update by Apple -- which has its own version of Sun's Java for the Mac OS X.
As a workaround, Apple recommended that users disable Java in Safari or Firefox until a patch could be created and deployed. The Java patch is automatically available for Mac users and requires a restart for installation. Once the update is downloaded, users can safely reinstall Java in their Web browsers.
- Juniper Honors 12 Americas Partners
- Facebook And Four More Web Sites We Love To Hate
- Cisco Honors Top Partners During 2010 Partner Summit
- HP Salutes Top Partners At APC 2010 Award Show
- Upclose And Personal With AMD And friends
- Will Oracle's Phillips' Affair Revelation Be A Distraction?
- Apple, Microsoft Unlikely Allies Against Google
- HP-Microsoft Cloud Partnership Needs To Show Us The Goods
- Blog: It's Time For A Cybercrime Public Service Announcement
- Nortel Sell-Off Continues: Ethernet Business To Ciena?
- Want To Deploy Exchange 2007 SP2 In A Server 2008 R2 Domain? Sorry
- Apple Improves iTunes 9 With Syncing, Visual Enhancements
- Oracle Ad Refutes Sun Hardware Fears
- U.S. Copyright Chief Rips Google Book Deal In Testimony
- Apple Slashes iPod Price Tags
- Price Is Right? Asus To Launch Low-Cost E-Reader
- Microsoft Xbox 360 Consoles Fail More Often Than Wii, PS3
- Privacy Group To Congress: Stop Online Advertisers In Their Tracks
- Microsoft, Intel Tout Their Collaboration On Windows 7
- Tech Data Adds Integration Services With New Center
| • |
| • |
| • |
| • |
| • |
| • |
| • |
|
|
