A new Java 7 exploit is presented as extremely dangerous for Macs

After the problems caused by the Flashback malware, many security software vendors began to pay more attention to the OS X platform, and this has led to an increase in reports of security problems. In this vein, the CEO of Errata Security spoke with ComputerWorld, telling them that hackers are currently exploiting a very dangerous OS X vulnerability. The vulnerability is found in JRE 1.7, which contains Java update 7, and it can be exploited from any browser, regardless of the operating system you use it on, so OS X is not the only system affected.

Hackers are exploiting a zero-day vulnerability in Java 7, security experts said today. The unpatched bug can be exploited through any browser running on any operating system, from Windows and Linux to OS X, that has Java installed, said Tod Beardsley, the engineering manager for Metasploit, the open-source penetration testing framework used by both legitimate researchers and criminal hackers. David Maynor, CTO of Errata Security, confirmed that the Metasploit exploit — which was published less than 24 hours after the bug was found — is effective against Java 7 installed on OS X Mountain Lion. “This exploit works on OS X if you are running the 1.7 JRE [Java Runtime Environment],” said Maynor in an update to an earlier blog post.

At the moment hackers are attacking only the Windows platform with this exploit, but the Errata CEO maintains that the OS X platform is also vulnerable through the Safari 6 and Firefox 14 browsers. In practice the OS X platform is not being attacked for now, but computer security experts warn that hackers could turn their attention to it as well. A possible Java update could fix the problem, but it will not be released until October 16. Until then, be careful what you click on and which websites you visit, because the operating system can be exploited without your knowing.

What is more worrisome is the potential for this to be used by other malware developers in the near future. The exploit works in all major browsers and appears to work on some versions of Linux, OS X 10.7 and higher, as well as Windows, if you’re using the latest version of Java. Java applets have been part of the installation process for almost every malware attack on OS X this year. Oracle is on a quarterly patch schedule, which means the next likely patch will not be released until October 16.