I thought that the Mac OS didn’t have viruses or issues like Windows! That is what they say on the commercials. How wrong they are! US-CERT has just announced a new vulnerability that affects Mac OS through the latest Java Runtime Environment (JRE). Below is the statement:
Original release date: May 20, 2009 at 11:22 am Last revised: May 20, 2009 at 11:22 am
Current releases of Mac OS X (version 10.5.7 and version 10.4.11 with security update 2009-002) include a version of Java Runtime Environment (JRE) containing known security vulnerabilities. US-CERT is aware of publicly available exploit code for one of these vulnerabilities. This vulnerability may allow untrusted applets to obtain read, write, and execute permissions to local files and applications with the privileges of the local user. A fix for this vulnerability has been released by Sun, but Mac OS X users cannot apply the fix directly. Mac OS X users must use Apple updates to obtain updated JRE versions. At this time, Apple has not yet released an update to address this issue.
US-CERT encourages Mac OS X users to disable Java in each web browser they use until a patch is available from Apple. Guidance for disabling Java can be found in the Securing Your Web Browser document. Please note that disabling Java may affect the functionality of websites that use Java.