Java Vulnerability Could Affect Macs
August 29, 2012

Macintosh Computers Vulnerable To Java Exploit

Michael Harper for — Your Universe Online

A vulnerability in Java is once again being blamed for a possible exploit of Mac and Windows computers alike, causing some security experts to recommend uninstalling Java as they exclaim, "Please, for the love of your computer, disable Java on your browser."

This new Java vulnerability was discovered last week in the latest Java 7 runtime from Oracle. In the beginning, this exploit was relatively unknown and most often found on Windows machines.

"As a user, you should take this problem seriously, because there is currently no patch from Oracle," wrote a Rapid7 exploit developer in a blog post on Monday.

"For now, our recommendation is to completely disable Java until a fix is available."

One day later, the code used to exploit this vulnerability and attack these computers was added to BlackHole, a hacking kit sold in the shady, back alley marketplaces of the Internet. Now, this exploit has become more widely known, making the notion of running Java on a machine even more dangerous.

“There being no latest patch against this, the only solution is to totally disable Java,” write the security experts at F-Secure, according to Ars Technica.

"Since this is the most successful exploit kit + zero-day... que horror. Please, for the love of your computer disable Java on your browser."

Any user with Java installed and enabled in their browser is now even more vulnerable to drive-by attacks as they surf the web. This vulnerability, which is being referred to as a zero-day, works by completely getting around any security “sandboxing” on a machine, making all sorts of sensitive OS-level functions vulnerable to attack. By exploiting this zero-day vulnerability, hackers have unsigned, unprivileged access to many files, including security files within Java.

"The vulnerability consists of a privilege escalation due to a class that allows access to protected members of system classes, which should not be accessible. Because of this, malicious code can bypass the restrictions imposed by the sandbox and use the 'getRuntime().exec()' function," says Symantec.

While many have noticed this exploit on Windows machines, one security expert has said a Mac he tested was only able to partially execute the exploit code. Though this vulnerability hasn't affected Macs in the same way a previous exploit was able to, Mac users should still exercise caution and delete Java if they don't need it or aren't sure if they need it or not.

In a recent article by The Next Web, Emil points out that many experts are now suggesting the best way to protect a machine against this sort of attack is to simply disable Java altogether. In fact, Microsoft even admonished their users to either keep their Java plugin updated or kill it.

One company, DeepEnd, is offering an unofficial patch for the vulnerability, though anyone wanting this patch has to send in a request and explain their need for the patch. Even then, the company suggests the easiest route is to simply disable or uninstall Java.

Experts for F-Secure, Kaspersky and Sophos all agree: Disabling Java is best, but if you know you'll absolutely need it, set up a firewall or use a separate browser just for those sites where you'll need Java enabled. Oracle has yet to release a patch for this new zero-day vulnerability.