Apple has released a fix for a vulnerability in Java software running on Mac OS X machines.
After security researchers spotted active exploits profiting from the vulnerability, the update, for both Lion (10.7.3) and Snow Leopard (10.6.8) versions of the platform, was released to near a dozen holes in Java 1.6.0_29. Apple said the foremost serious may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.
That presumably refers to CVE-2012-0507, which researchers at Mac security firm Intego said was the most recent variant of the password-stealing Flashback Trojan.
Intego said it had samples of variant ‘R' since 23March and were finding new samples and variants of this malware almost daily since then. It recommended Mac users turn off Java of their web browser.
It also said Java isn't any longer supplied with Mac OS X 10.7 Lion, however the first time a user must run it â€" when a Java applet loads, or when a user launches a Java applet on their Mac â€" the system will ask if the user desires to download it; in that case, Apple provides the download directly and maintains its own version of Java.
Wolfgang Kandek, CTO of Qualys, said: “In addition, Mac users and IT admins for Macs should review whether Java is really needed for his or her usage. If not, Java could be disabled throughout the Java Preferences program. Just uncheck 64-bit and 32-bit versions.â€
Unpatched Java deployments are among the many largest malware threats facing enterprises today, in keeping with Microsoft.
Nessun commento:
Posta un commento
Comments links could be nofollow free