Blueprint to exploit OS X Java flaw published

May 22, 2009

One well-known security expert has grown tired of waiting for Apple to provide a fix for a Java security flaw and has published a post showing how to take advantage of the flaw.

Security researcher Landon Fuller published a proof of concept for a Java exploit of the flaw on Tuesday, saying that he was attempting to get Apple to finally do something about the problem. Apple has known about the issue for over six months, with no action yet out of Cupertino. Fuller’s instructions, which show hackers a way to remotely take control of an OS X system through that unfixed security flaw, were posted online.

Fuller said in releasing the exploit blueprint, “Unfortunately, it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated. Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release my own proof of concept to demonstrate the issue.”

Some security watchers, such as the Security Fix blog, have noted that it often takes Apple at least six months to repair flaws such as this one and to get the fixes pushed out into the user base. The blog goes on to note that although six months may seem like a long time to address a particularly dangerous vulnerability, it’s about par for the course with Apple and its record on patching Java flaws. Brian Krebs says in that blog, “I have reviewed the last three Java updates that Apple shipped during the past 18 months, and found that Apple patched Java flaws on average about 166 days after Sun had shipped its own patch to fix the same vulnerabilities.”

It does not seem that prior misconduct should be used as an excuse for current bad conduct, yet that is exactly what Krebs seems to be saying. They have done poorly before, so it’s all right to do poorly now. That is like saying, “Yes, he was always too late to keep the baby from falling off the building, so what’s the big deal with this latest baby?” If Apple is going to run ads ad infinitum telling the world that it is safer than Windows, it should have the common good sense to patch its widely known security flaws with some dispatch.


One Response to “Blueprint to exploit OS X Java flaw published”

  1. rmogull:

    That’s not what Brian is saying at all- in fact, he’s trying to highlight how bad Apple is at patching. Methinks you totally misread that.


Copyright © 2009 Blorge.com