Remote execution exploit - Disable Java in your OS X Browser

Posted on Thu, 21 May 2009 in Security

OK, first I want you to stop reading and go into your browser's preferences and disable Java. Seriously, stop reading right now and disable Java now!

Please disable Java in your browser now!

There, now we can continue. Six months ago a really nasty exploit was discovered in Java. This exploit will let an attacker escape Java's sandbox and execute any command on the user's system with the same privileges as the user. This is bad, as in

rm -rf ~

As in really, really bad! This exploit is cross-platform, as it can be written in pure Java. Sun fixed it in December and Apple still hasn't updated their Java version in OS X, even though they updated Java back in February. Dear Apple, please fix this nasty exploit as soon as possible - it's getting embarrassing.

Update: As of June 15th 2009 (only 6 months late) Apple has released a software update that fixes the remote exploit.