Security News

Java and Sudo Exploits Added to Popular Toolkits

Posted on August 28th, 2013 by

JavaSudoExploits

This is apparently the week for people to add interesting things to exploit kits!

In case you've not already scoured all traces of Java from your machine, it's time for your (ir)regular reminder that Java is very problematic and should be updated religiously if you're going to use it at all. The Neutrino exploit kit has added code for a Java exploit that is unpatched in Java 6. Java 7 was patched in June of 2013.

And, that sudo vulnerability we mentioned a few months back has been added to the Metasploit exploit kit, which makes it easier for attackers to implement. It's still not fixed in OS X, though its utility is somewhat limited here. According to the Packetstorm post, "This Metasploit module will fail silently if the user is not an admin or if the user has never run the sudo command." I imagine the bulk of users are in the latter camp, and the former is an excellent reminder that you shouldn't be running with Admin permissions for day-to-day activities. The NSA will even back me up on that recommendation! Granted, a malicious user or a trojan grabbing admin rights can get around those conditions.

If you're following good security practices, neither of these things are going to be a big deal for you. Just in case, here's a quick reminder:

  • Always password-protect and physically protect your machine against unauthorized access
  • Don't run unexpected files, and use layered security to protect against malware
  • Remove Java from your machine if possible, or make sure you're very religious about updating to the latest version
  • http://Mac-Security.blogspot.com Derek Currie

    Please do NOT remove Java entirely from any Mac. What’s dangerous is Java for web browsers, specifically the Internet plug-in. THAT is what you should get rid of, if you don’t need it. Meanwhile, Apple integrates a version of Java 6 into OS X which it uses whenever an application requires Java. This integrated version, found inside the System folder, is NOT vulnerable to all the web attacks and isn’t used on the web at all. It’s important to make this distinction. Otherwise you’ll find Mac desktop apps requiring Java don’t work any more, which is NOT what you want.

  • Lou

    Do you have any advice for what to do when you use
    applications that require Java? For example when you upgrade to Mountain Lion, Creative Suite applications say you need a Java SE6 runtime and ask if you
    would like to install.

    Also, does the advice that you shouldn’t be running admin permissions for day-to-day activities mean you shouldn’t use an admin account day-to-day or you shouldn’t login as root?