Landon Fuller reports that an almost six-month-old Java exploit has still not been fixed for Mac OS X. The exploit makes it possible to break out of the Java sandbox and run commands with the permissions of the executing user.
This issue is classified as serious because Java applets containing malicious code may be executed just by visiting a web page. Landon Fuller says an illegal exploit is available in the wild. He prepared a proof-of-concept exploit that will make your Mac OS X computer say “I am executing in a user process”.
The exploit applies to both Intel and PowerPC based Mac OS X systems running Safari or Firefox.
Some more background information and workarounds may be found on Fuller’s site.
Demo exploits are in the wild for:
Linux Acrobat Reader 8.14
Linux Acrobat Reader 9.1
Other operating systems may also be affected.
As there is no patch available from Adobe at this moment, uninstalling the Acrobat Reader seems to be the best choice. Third-party PDF readers are available all over the net. Find one of them here.