Submission + - MacOS X users vulnerable to major Java flaw
FruitWorm writes: Security researchers found that MacOS X users are vulnerable to a critical, 6 months old, remote vulnerability in Java, a component that is enabled by default in Web browsers on this platform.
Julien Tinnes notes that this vulnerability differs from typical Java security flaws in that it is "a pure Java vulnerability" and doesn't involve any native code.
It affected not only Sun's Java but other implementations such as OpenJDK as well on multiple platforms, including Linux and Windows. "This means you can write a 100% reliable exploit in pure Java. This exploit will work on all the platforms, all the architectures and all the browsers" Julien wrote.
Apparently, this bug had been demonstrated during the Pwn2own security challenge this year at CanSecWest, although the details were not made public at that time. MacOS X users are recommended to disable Java in their browsers while Apple is working on a security update.
Julien Tinnes notes that this vulnerability differs from typical Java security flaws in that it is "a pure Java vulnerability" and doesn't involve any native code.
It affected not only Sun's Java but other implementations such as OpenJDK as well on multiple platforms, including Linux and Windows. "This means you can write a 100% reliable exploit in pure Java. This exploit will work on all the platforms, all the architectures and all the browsers" Julien wrote.
Apparently, this bug had been demonstrated during the Pwn2own security challenge this year at CanSecWest, although the details were not made public at that time. MacOS X users are recommended to disable Java in their browsers while Apple is working on a security update.