Java Runtime Environment in Mac OSX
Tuesday, May 26, 2009 at 08:42PM
drStrangeP0rk in Mac OSX JRE Vulnerabilities

The Java Runtime Environment in Mac OSX has vulnerabilities for which Sun has released updates. Apple will have to provide an update via Software Update for general users shortly; see the references for a complete list from the Sun Solve site. The issues include privilege escalation, failure to check signatures, buffer overflows, Zip parsing that allows reading of arbitrary memory, and code from the local system accessing the local host. The current test below will result in a bootstrap failure.

At this time users should disable Java. If it is needed, however, then only .class and JAR files from trusted sites should be run.

<<Note: The test site below is a link to test CVE-2008-5353; it will cause your system to crash. Currently Virus Barrier is detecting this security hole. It is not a live link; you are responsible, and you have to cut and paste the link.>>

http://landonf.bikemonkey.org/static/moab-tests/CVE-2008-5353/hello.html

Update on Sunday, May 31, 2009 at 08:19AM by Registered Commenter drStrangeP0rk

Marc Schoenefeld has posted information on how to install a non-OSX Java distribution and a link to a site with the exploit. Currently Virus Barrier detects the virus and will put it into quarantine. You should of course delete the class files, all of which have the Java/Evasion.A virus.

http://www.illegalaccess.org/

Update on Tuesday, June 16, 2009 at 08:21AM by Registered Commenter drStrangeP0rk

Apple has released updates to its Java platform. Make sure to select the update from Software Update to install these updates; they are critical. Make sure no applications that use Java are running before installing the update. This fixes many of the issues, including preventing Java applets/applications from running and gaining elevated privileges.

http://support.apple.com/kb/HT3633

http://support.apple.com/kb/HT3632

Article originally appeared on magmatic.com (http://www.magmatic.com/).
See website for complete article licensing information.