Contact Us Today! (215) 853-2266

Bardissi Enterprises Blog

Bardissi Enterprises has been serving the Hatfield area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Java Poses Significant Security Threat to OS X

Severity: Medium

14 December, 2007

Summary:

  • This vulnerability affects: OS X 10.4.x (not Leopard, 10.5)
  • How an attacker exploits it: By enticing your users to a malicious web site
  • Impact: Attacker executes code on your user’s computer, or modifies your user’s Keychain (passwords), potentially gaining complete control of your user’s computer
  • What to do: Install Java Release 6 as soon as possible

Severity: Medium

14 December, 2007

Summary:

  • This vulnerability affects: OS X 10.4.x (not Leopard, 10.5)
  • How an attacker exploits it: By enticing your users to a malicious web site
  • Impact: Attacker executes code on your user’s computer, or modifies your user’s Keychain (passwords), potentially gaining complete control of your user’s computer
  • What to do: Install Java Release 6 as soon as possible

Exposure:

Today, Apple issued an alert fixing multiple vulnerabilities in the Java component that ships with OS X 10.4. Leopard (10.5) users are not affected by these vulnerabilities. Apple doesn’t explain these vulnerabilities in technical detail; instead, they describe the potential impact of these flaws. For instance, an attacker can exploit multiple unspecified flaws in Java and Java2 Standard Edition (J2SE) to either execute code or elevate his privileges on your user’s OS X computer. An attacker could also exploit another unspecified Java flaw to add or remove items from your user’s Keychain, which is essentially OS X’s password store. More simply, the attacker can mess with your passwords. In order to exploit any of these vulnerabilities, an attacker would have to entice one of your OS X users into visiting a malicious web page containing specially crafted Java code.

Solution Path:

Apple has issued Java Release 6 for OS X 10.4 to correct these flaws. If you manage OS X 10 computers, we recommend you download, test and deploy Java Release 6 [direct link to dmg] as soon as possible..

OS X’s Software Update automatically detects updates such as this one for OS X and then informs you, so that you can install the update as soon as possible. We recommend that you set Software Update to check for new updates daily, and allow it to assist you in keeping your Apple software current.

For All Users:

These attacks rely on one of your users visiting a web page containing malicious Java bytecode. The HTTP-Proxy policy that ships with most Firebox models automatically blocks Java bytecode by default. If you manage a Firebox with its default HTTP-Proxy, your users will not be able to download the malicious code needed to trigger many of these vulnerabilities.

Status:

Apple has released Java Release 6, which fixes these issues.

References:

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, 23 December 2024
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Blog Archive

Recent Comments

Tip of the Week: Which Headphones are Right for Your Needs?
23 April 2018
I will recommend Plantronics Backbeat Pro 2 SE Noise cancelling Headset with it's Great features.
Gamification: Make Business Fun for Everyone
27 January 2017
The world is based on the games. There are many types of games as per the aussie essay writing servi...
Let's Talk Tablets
12 January 2017
The concept of tablet is far better than that of PC because you can bring them with you everywhere a...
Tip of the Week: Tweak Your Workday in These 4 Ways and See Major Results
12 January 2017
The only thing will I will say regarding this blog is that it is very helpful at least for me. As I ...
WatchGuard Releases Version 10.2.7 for WSM, Edge, Fireware, and Fireware Pro
23 December 2016
I really needed to know about the fireware but i was confused that where can i find information abou...