Gone are the days when people could buy a Mac and not have to worry about malicious access or attacks. Several exploits have been found, including a new one that ComputerWorld reports was found by Tod Beardsley, CTO of Metasploit.
This new vulnerability is present only in Java 7, not in previous versions, including Java 6. The unpatched bug can be exploited through any browser running on any operating system that has Java installed. The exploit has already been tested and worked with ease on Apple’s latest operating system, OS X 10.8, or Mountain Lion.
Not everyone is at risk, however. Apple stopped including Java in its operating systems with the launch of Lion, and continued that with the release of Mountain Lion. On a Mac running Mac OS X 10.7 or higher, you are prompted to download Java only when you visit a Java applet, so if you never visit one you are safe. People running the older versions of Apple’s operating system, Snow Leopard and Leopard, are even more at risk of attack, as Java was included in the operating system.
So far only Windows computers have been targeted, but the vulnerability is still present on Macs. Beardsley recommends that users disable Java until Oracle delivers a patch for this exploit. Mac users can disable Java from within their browser or by removing Java 7 from their computer. To remove it, select “Go to Folder” from the Finder’s “Go” menu, enter “/Library/Java/JavaVirtualMachines/”, and drag the file “1.7.0.jdk” into the Trash.
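To confirm the removal worked, the check below lists any Java 7 bundle still present in that folder without deleting anything. It is an added example, not from ComputerWorld or Beardsley; the function names are hypothetical, and the `jdk1.7.0_NN.jdk` name pattern is an assumption covering Oracle update builds alongside the “1.7.0.jdk” name given above.

```shell
#!/bin/sh
# Added example: audit a JavaVirtualMachines folder for leftover Java 7 bundles.
# Read-only: it reports what it finds and never deletes anything.

# Default folder is the one named in the article.
JVM_DIR_DEFAULT="/Library/Java/JavaVirtualMachines"

# Print one path per line for every bundle whose name marks it as Java 7.
# "1.7.0.jdk" is the article's name; "jdk1.7.0_NN.jdk" is an assumed
# pattern for later Oracle update builds.
find_java7_bundles() {
    dir="${1:-$JVM_DIR_DEFAULT}"
    [ -d "$dir" ] || return 0            # folder absent: nothing installed here
    for bundle in "$dir"/*.jdk; do
        [ -e "$bundle" ] || continue     # glob matched nothing
        case "$(basename "$bundle")" in
            1.7.*.jdk|jdk1.7.*.jdk) printf '%s\n' "$bundle" ;;
        esac
    done
}

# Exit status 0 when no Java 7 bundle remains, 1 when at least one does.
audit_java7() {
    found="$(find_java7_bundles "$1")"
    if [ -z "$found" ]; then
        echo "OK: no Java 7 bundle found"
        return 0
    fi
    echo "Java 7 still installed:"
    printf '%s\n' "$found"
    return 1
}

# Usage: audit_java7            (checks the default folder)
#        audit_java7 /some/dir  (checks another folder)
```

Older bundles such as a Java 6 install are deliberately not reported, since the article states the bug is present only in Java 7.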
Beardsley called the bug “super dangerous” as it was “totally a drive by,” meaning that attackers could attack a Mac or other computer simply by having users browse to a malicious or previously hacked website. Maynor said that “this is as about as bad a bug as I’ve ever seen”.
Have you had your Mac hacked or attacked before? Share your experience with us in the comments. If you know what caused it, do let our readers know to help prevent it happening to others.