Computerworld – (International) Macs at risk from "super dangerous" Java zero-day. Hackers are exploiting a zero-day vulnerability in Java 7, security experts said August 27. The unpatched bug can be exploited through any browser running on any operating system, from Windows and Linux to OS X, with Java installed, said the engineering manager for Metasploit, an open-source penetration testing framework. The CTO of Errata Security confirmed that the Metasploit exploit, published less than 24 hours after the bug was found, is effective against Java 7 installed on OS X Mountain Lion. He said he was able to trigger the vulnerability with the Metasploit code in Firefox 14 and Safari 6 on OS X 10.8. Although the exploits now circulating in the wild have been aimed only at Windows users, it is possible Macs could also be targeted. What is more worrisome is the potential for other malware developers to use this in the near future, said antivirus vendor Intego. Java applets have been part of the installation process for almost every malware attack on OS X this year. The engineering manager for Metasploit called the bug super dangerous, noting that it was a drive by, meaning attackers could compromise computers simply by duping users into browsing to a Web site that hosts the attack code. Security experts have recommended users disable Java until Oracle delivers a patch.
Ali Loney is a Senior UX Designer at Walmart Labs. She is based in Canada and was the former Graphic Designer at Sonatype.
Explore All Posts by Ali LoneyTags
