ProjectOSX

Welcome Guest!

Returning User? Login here.

Want membership privileges? Register here.

 
Start a new topicClosed
> Java exploit has been made public, many OSX browsers affected
aprodigy
post May 20 2009, 05:47 PM
Post #1
try this:

http://landonf.bikemonkey.org/static/moab-...5353/hello.html

funny, uh?
works fine with my ff and safari 4. opera seems to devliver it's own java-re, nothing happends with it here.

anyway, what this exploit does: it calls '/usr/bin/say' to do that sound output. it could be doing 'many different' things, of course ;)

well, and all of this, because apple is still behind of releasing a java update for osx and to us regular users. it has been seeded to developers some time ago but we (non-paying adc-peeps) are still waiting for it...

sun's closed these security holes a half year ago and even though it's still a drive-by-download 'feature', most users just 'will' click where told. sooner or later, this will become some serious problem if apple doesn't start caring about issues like these in a more apropriate time frame.

not too long ago, 'it-experts' all around the world recommended to disable active-x in the IE - now the same so called 'it-experts' yell for disabling java in OSX browsers. however, *lol*, they still recommend to disable java on other platforms just in case and anyway ;)

and for anyone interested, some dev info about the exploit

everyone capable of using a java compiler should be able to write custom exploits that simply work and actually do things ;)
aprodigy
post Jun 16 2009, 10:10 AM
Post #2
a 'java update' that addresses this problem is now available to anyone through e.g. the software-update!
Slice
post Jul 13 2009, 01:45 PM
Post #3
Solved?
QUOTE
The applet has been disabled.
Пожалуйста, прочитайте ЧаВо!
i3-2120 GA-H61M-S1, Radeon HD6670, ALC887(VoodooHDA 2.8.4), OS⌘10.9.2, OS⌘ 10.7.5 Clover FakeSMC_plugins_3.3.1 Realtek LAN v3.1.2
aprodigy
post Jul 14 2009, 07:29 AM
Post #4
yap.

ClosedStart a new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members: