{"id":855,"date":"2009-05-20T15:20:19","date_gmt":"2009-05-20T14:20:19","guid":{"rendered":"http:\/\/blog.intego.com\/?p=855"},"modified":"2020-02-05T11:21:30","modified_gmt":"2020-02-05T19:21:30","slug":"intego-security-memo-java-vulnerability","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/","title":{"rendered":"&#8220;Java\/Evasion.A&#8221; vulnerability exploited &#8211; Intego Security Memo"},"content":{"rendered":"<p>A critical vulnerability in the version of Java included with Mac OS X currently puts Macs at serious risk. Java, a programming language that can allow applications to run easily on multiple platforms and embedded in web pages, has a serious flaw that can allow local code to be executed remotely. This can lead to \u201cdrive-by attacks\u201d, where users are attacked simply by visiting a malicious web site and loading a web page. If a Java applet is loaded in a web browser, and malicious code is run, this flaw can allow hackers to run code and potentially access or delete files on any Mac, and run applications for which the user has permission. In addition, if this flaw is executed together with a privilege escalation vulnerability, hackers could remotely run any system-level process and get total access to any Mac.<\/p>\n<p>Apple has been aware of this vulnerability (<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2008-5353\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2008-5353<\/a>) for at least five months, since it was made public, but has neglected to issue a security update to protect against this issue. Security researcher Landon Fuller has <a href=\"https:\/\/landonf.org\/code\/macosx\/CVE-2008-5353.20090519.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">published a proof-of-concept Java applet<\/a> that exploits this vulnerability to demonstrate how easy it is to run code remotely.<\/p>\n<p>Malicious Java applets can also be circulated by other means, for example, as attachments to e-mail messages. A program called Applet Launcher allows users to run Java applets by double-clicking them.<\/p>\n<p>For now, Intego has not found any malicious applets in the wild, but the publicity around this vulnerability will mean that hackers are likely to attempt to exploit it quickly, before Apple issues a security update. VirusBarrier X5 currently blocks this proof-of-concept malware, and will be updated to block any malicious Java applets that are discovered.<\/p>\n<p><img src=\"https:\/\/web.archive.org\/web\/20090610071123im_\/http:\/\/www.intego.com\/pix\/java_alert_big.png\" \/><\/p>\n<p>The best way to protect against this exploit is to deactivate Java in your web browser. In Safari, choose Safari &gt; Preferences, click the Security tab, and uncheck Enable Java if it is checked. It is safe to leave Enable JavaScript activated, since this vulnerability only affects Java applets.<\/p>\n<p><img src=\"https:\/\/web.archive.org\/web\/20090610071116im_\/http:\/\/www.intego.com\/pix\/safari_java_big.png\" \/><\/p>\n<p>If you use Firefox, this setting is found on the Content tab of the program\u2019s preferences.<\/p>\n<p>Intego VirusBarrier X5 with virus definitions dated May 20, 2009 or later detects this proof-of-concept applet and will be updated to block any malicious Java applets that are discovered. Intego recommends that users never download and install software from untrusted sources or questionable web sites, and that people use care when opening unexpected attachments to e-mail messages, even from friends and colleagues.<\/p>\n<p>Read the full <a href=\"https:\/\/web.archive.org\/web\/20090523162810\/https:\/\/www.intego.com\/news\/ism0905.asp\" target=\"_blank\" rel=\"noopener noreferrer\">Intego Security Memo<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A critical vulnerability in the version of Java included with Mac OS X currently puts Macs at serious risk. Java, a programming language that can allow applications to run easily on multiple platforms and embedded in web pages, has a serious flaw that can allow local code to be executed remotely. This can lead to [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":8999,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[7,13,11],"tags":[75,211,143],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"A critical vulnerability in the version of Java included with Mac OS X currently puts Macs at serious risk. Java, a programming language that can allow\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"&quot;Java\/Evasion.A&quot; vulnerability exploited - Intego Security Memo - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"A critical vulnerability in the version of Java included with Mac OS X currently puts Macs at serious risk. Java, a programming language that can allow\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2009-05-20T14:20:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-02-05T19:21:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/10\/java-icon.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Peter James\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/10\/java-icon.jpg\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/10\/java-icon.jpg\",\"width\":\"400\",\"height\":\"260\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/\",\"name\":\"\\\"Java\/Evasion.A\\\" vulnerability exploited - Intego Security Memo - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/#primaryimage\"},\"datePublished\":\"2009-05-20T14:20:19+00:00\",\"dateModified\":\"2020-02-05T19:21:30+00:00\",\"description\":\"A critical vulnerability in the version of Java included with Mac OS X currently puts Macs at serious risk. Java, a programming language that can allow\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"&#8220;Java\/Evasion.A&#8221; vulnerability exploited &#8211; Intego Security Memo\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116\"},\"headline\":\"&#8220;Java\/Evasion.A&#8221; vulnerability exploited &#8211; Intego Security Memo\",\"datePublished\":\"2009-05-20T14:20:19+00:00\",\"dateModified\":\"2020-02-05T19:21:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/#webpage\"},\"wordCount\":425,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/10\/java-icon.jpg\",\"keywords\":[\"Java\",\"Java Vulnerability\",\"Vulnerabilities\"],\"articleSection\":[\"Apple\",\"Security &amp; Privacy\",\"Software &amp; Apps\"],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116\",\"name\":\"Peter James\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g\",\"caption\":\"Peter James\"},\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/peter\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"A critical vulnerability in the version of Java included with Mac OS X currently puts Macs at serious risk. Java, a programming language that can allow","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/","og_locale":"en_US","og_type":"article","og_title":"\"Java\/Evasion.A\" vulnerability exploited - Intego Security Memo - The Mac Security Blog","og_description":"A critical vulnerability in the version of Java included with Mac OS X currently puts Macs at serious risk. Java, a programming language that can allow","og_url":"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/","og_site_name":"The Mac Security Blog","article_published_time":"2009-05-20T14:20:19+00:00","article_modified_time":"2020-02-05T19:21:30+00:00","og_image":[{"width":"400","height":"260","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/10\/java-icon.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Peter James","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/10\/java-icon.jpg","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/10\/java-icon.jpg","width":"400","height":"260"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/","name":"\"Java\/Evasion.A\" vulnerability exploited - Intego Security Memo - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/#primaryimage"},"datePublished":"2009-05-20T14:20:19+00:00","dateModified":"2020-02-05T19:21:30+00:00","description":"A critical vulnerability in the version of Java included with Mac OS X currently puts Macs at serious risk. Java, a programming language that can allow","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"&#8220;Java\/Evasion.A&#8221; vulnerability exploited &#8211; Intego Security Memo"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116"},"headline":"&#8220;Java\/Evasion.A&#8221; vulnerability exploited &#8211; Intego Security Memo","datePublished":"2009-05-20T14:20:19+00:00","dateModified":"2020-02-05T19:21:30+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/#webpage"},"wordCount":425,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/intego-security-memo-java-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/10\/java-icon.jpg","keywords":["Java","Java Vulnerability","Vulnerabilities"],"articleSection":["Apple","Security &amp; Privacy","Software &amp; Apps"],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116","name":"Peter James","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g","caption":"Peter James"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/peter\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/10\/java-icon.jpg","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-dN","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/855"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=855"}],"version-history":[{"count":2,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/855\/revisions"}],"predecessor-version":[{"id":90987,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/855\/revisions\/90987"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/8999"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=855"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=855"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=855"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}