Yet another proof of concept for yet another scary exploit, the kind that can leave you “pwnd” with neither your participation nor knowledge. Still, it’s easy to obviate any potential threat and the inconvenience should be minimal.
SecureMac reports that Landon Fuller posted a proof-of-concept exploit for an unpatched vulnerability in the current OS X Java Runtime Environment. While the proof-of-concept is harmless by design, this vulnerability is otherwise “shovel ready” and could be used to take over a fully patched, software up-to-date Mac, including those running OS X 10.5.7. SecureMac reports:
This vulnerability could be exploited to perform “drive-by-downloads” commonly used as a means to infect computers with spyware, or any arbitrary command with the permissions of the executing user. All a user has to do is visit a web page hosting a malicious java applet to be exploited.
Thereupon, SecureMac recommends that users disable Java applets in their web browser until Apple patches its implementation of Java. You can turn this off in Safari by 1.) opening Safari; 2.) opening Preferences (⌘ + comma); 3.) clicking the Security tab; and 4.) unchecking the “Enable Java” tick box.
Further, users should also disable the “Open ‘safe’ files after downloading” option in Safari’s General preferences tab. You will want to make the same changes in any other browser you use (i.e. Firefox, Camino, iCab, Stainless, etc.), as this vulnerability affects them as well.
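For anyone who would rather check those two Safari settings from a terminal (or across several Macs) than click through the preference panes, here is an added audit script; it is not from the original post or from SecureMac. It assumes the preference keys `WebKitJavaEnabled` and `AutoOpenSafeDownloads` in the `com.apple.Safari` domain correspond to the two tick boxes described above.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two Safari preferences
# the post tells users to change, using the `defaults` tool on OS X.
# Assumed keys in the com.apple.Safari domain (Safari 4 era):
#   WebKitJavaEnabled      -> "Enable Java" tick box on the Security tab
#   AutoOpenSafeDownloads  -> "Open 'safe' files after downloading" on the General tab

# Normalise a `defaults read` value to 0/1. An unset key means Safari's shipped
# default, which is "enabled" for both (assumption), so an empty value counts as 1.
to_bool() {
    case "$1" in
        0|false|NO|no) echo 0 ;;
        *) echo 1 ;;
    esac
}

# assess_safari_prefs JAVA_ENABLED AUTO_OPEN
# Returns 0 when both mitigations are applied, 1 otherwise, and prints the
# `defaults write` command that would fix each setting still left enabled.
assess_safari_prefs() {
    java=$(to_bool "$1")
    auto=$(to_bool "$2")
    status=0
    if [ "$java" -eq 1 ]; then
        echo "Java applets still enabled: defaults write com.apple.Safari WebKitJavaEnabled -bool false"
        status=1
    fi
    if [ "$auto" -eq 1 ]; then
        echo "'Open safe files' still enabled: defaults write com.apple.Safari AutoOpenSafeDownloads -bool false"
        status=1
    fi
    return $status
}

# Read the live values on OS X. `defaults` exits non-zero for an unset key, so
# the error is discarded and the empty string falls through to "enabled" above.
audit_safari() {
    j=$(defaults read com.apple.Safari WebKitJavaEnabled 2>/dev/null || true)
    a=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true)
    assess_safari_prefs "$j" "$a"
}
```

Run `audit_safari` on the Mac itself; Safari must be restarted before a `defaults write` change takes effect.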
Be afraid?
So, is the sky falling? Well, of course it is: what else would you expect with gatekeepers like SecureMac, Intego, Symantec, etc. on duty? Nevertheless, protecting yourself is easy and relatively pain-free…
Will you try to gird your virtual loins by applying these simple preference tweaks, or are even these small measures too much trouble?