Landon Fuller reports that an almost six months old Java exploit has still not been fixed for Mac OS X. The exploit allows to compromise the Java sandbox in order to break out and run commands with the permissions of the executing user.
This issue is classified as serious as Java applets containing malicious code may be executed just by visiting a web page. Ladon Fuller says an illegal exploit is available in the wild. He prepared a proof of concept exploit that will make your Mac OS X computer say “I am executing in a user process“.
The exploit aswell applies to Intel as to PowerPC based Mac OS X systems running Safari or Firefox.
Some more background information and workarounds may be found on Fuller’s site.
Considering the Apple Ads about virus-plagued and unsafe PCs, this is ridiculous and sad at the same time. Repeatedly.