Apple has released a fix for a vulnerability in Java software running on Mac OS X machines.
After security researchers spotted active exploits taking advantage of the vulnerability, the update, for both Lion (10.7.3) and Snow Leopard (10.6.8) versions of the platform, was released to close a dozen holes in Java 1.6.0_29. Apple said the most serious may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.
That presumably refers to CVE-2012-0507, which researchers at Mac security firm Intego said was the newest variant of the password-stealing Flashback Trojan.
Intego said it had had samples of variant 'R' since 23 March and had been finding new samples and variants of this malware almost daily since then. It recommended Mac users turn off Java in their web browser.
It also said Java is no longer supplied with Mac OS X 10.7 Lion, but the first time a user needs to run it (when a Java applet loads, or when a user launches a Java applet on their Mac) the system will ask if the user wants to download it; in that case, Apple provides the download directly and maintains its own version of Java.
Wolfgang Kandek, CTO of Qualys, said: "In addition, Mac users and IT admins for Macs should review whether Java is really needed for their usage. If not, Java can be disabled in the Java Preferences program. Just uncheck 64-bit and 32-bit versions."
Unpatched Java deployments are one of the largest malware threats facing enterprises today, according to Microsoft.