Search This Blog

Thursday, May 21, 2009

Apple Java is still not patched (after 6 months!)

Apple JVM has a critical vulnerability which enable malicious code execution on OSX based Apple. This vulnerability which was acknowledged early this year by Sun, has a couple of working exploit floating around and a PoC at the URL below:

http://landonf.bikemonkey.org/static/moab-tests/CVE-2008-5353/hello.html

There should be no reason why this is not patched, even after 6 months by Apple. In fact, this exploit was used in CanSecWest, but was disqualified because it has been patched by JRE 6 Patch 11. However all version including JRE 6 Patch 10 and below are affected. The catch though was that all has been patched except Apple.

So, my advice is : Apple people should disabled JAVA in both Safari and Firefox until this is fixed. Yes, that means no Internal Banking too. Run your Windows Vista via dual boot if you have to.

Secondly, also disable running of "Safe" download in your OSX.

Well, or be like me, DON'T USE OSX. :) Nope, sorry, I just notice not everyone knows how to install Windows Vista on a Mac.

No comments:

Amazon Gift Cards!

Thanks for viewing!

Copyright © 2008 nemesisv.blogspot.com, All rights reserved.