Security Experts: Zero-Day Java 7 Exploit Is “Super Dangerous” To Mountain Lion Macs

According to several U.S. security agencies, a hack burrowing dangerously around the web through browser-based Java software has already hit Windows and is a serious danger to Mountain Lion OS X.

While the latest Java update, Java 7, has seen stable performance, security personnel have warned over the last year that it is vulnerable to numerous exploits. Oracle has consistently issued critical patches to fix security bugs, with the last update two months ago fixing 14 dangerous vulnerabilities.

Like other Java bugs, today’s “zero-day” bug is aimed at duping users into visiting a website filled with malicious code. When the user visits that website, the infected applet downloads itself onto the clean computer. To protect yourself immediately, security businesses and anti-virus developers recommend disabling all of your Java plug-ins and erasing Java 7 from your computer. However, that might be a bit of overkill. Disabling Java’s ability to install applets from untrusted sources should be enough.

A “zero-day” attack is a hack against a previously unknown app vulnerability, meaning it causes damage from the first day the vulnerability is found.

Experts warned the security community earlier this morning about the dangerous hole. They said the exploit can be used on OS X systems running the 1.7 Java Runtime Environment, which comes with the latest software upgrade. The security programmers triggered the bug using Metasploit code in the Firefox and Safari browsers, as well as in Microsoft Explorer. So far, the bug has only appeared on Microsoft Windows systems, but the experts say it’s a matter of time before it is found on Apple computers.

Even if users guard against the bug with proper security procedures, the experts warn the vulnerability could be around for a while. The current version of the Java application has been the source of big security breaches in the past year.

UPDATE: We’ve been notified that Mac users are only at risk from the bug if they install the new Oracle 1.7 build. So most Mac users should be safe. Thanks to @miketrose.

Photo: fdecomite/Flickr (CC 2.0)
  • Mitch Sebastion Koshney Petersen

    Anyone know how to disable the feature listed in the article?

  • NJaw

    Go to Safari Preferences -> Security and uncheck the box next to Enable Java

  • iamcornelis

    CNET noted earlier today that most Mac users are not currently susceptible to the issue, as Java 7 is not installed by default on Macs. The current version of Java installed on Mac remains Java 6 for the time being, so users would have to have manually updated to Java 7 in order for their systems to be vulnerable.

  • mr_bee

    This would seem to be pure FEARMONGERING since JAVA IS NOT INSTALLED BY DEFAULT in Mountain Lion and furthermore, requires you to personally re-activate it and re-download it when you upgrade from an earlier system (if you had it activated in the earlier system).

    Anyone who reactivated it without thinking during the upgrade or turned it on for some other purpose should be responsible enough to know what they were turning on.

  • Macnetar

    Mac market share is slowly increasing. For the security firms this is an emerging market. Just keep this in mind when reading these types of articles.

About the author

Jose Fermoso is a freelance reporter and researcher. He has written freelance for many tech and business publications. He is a former writer for Wired.com and GigaOm. Loyal Oaklander. Twitter @fermoso.
