Possible Java Security issue

Wednesday, May 20th, 2009

Reports are coming in about a security exploit in Java for Mac OS X. While this exploit does exist, the exploit allows a website with a malicious Java applet run software remotely  on your computer. This would require a malicious piece of software to already be on your computer.

I rate the security risk at a 3 out of 10.

“Several Mac security companies, Intego and SecureMac, have issued warnings related to an unpatched Java vulnerability that affects OS X. The flaw could be exploited to allow local code to be executed remotely, leaving the computer open to ‘drive-by-attacks’ which can install malicious software just by loading a website containing a specially crafted Java applet. Hackers could also access or delete files on a system,” MacNN reports.

“Disabling Java within the browser may serve as the best protection. Users can leave JavaScript enabled, as the issue only affects Java applets,” MacNN reports.

To turn off Java:

• Safari 4 Public Beta: Preferences>Security>Web content and uncheck “Enable Java.”
• Firefox 3: Preferences>Content and uncheck “Enable Java.”