Security News

Brian Krebs has published an article about a Java exploit that is being used in the wild. As part of the Metasploit framework – a hacking tool – this Java attack “has been tested to successfully deliver payloads on a variety of platforms, including the latest Windows, Mac and Linux systems.”

As the Metaslpoit blog points out, “This vulnerability is particularly pernicious, as it is cross-platform, unpatched on some systems, and is an easy-to-exploit client-side that does little to make the user aware they’re being exploited.”

Intego’s senior malware researcher told me that, “this threat is completely invisible, and anyone can get infected by visiting a malicious web site.” If you visit a web site, it might be infected, you may be redirected to another site, or there may be content on a web page that comes from another site… In other words, even seemingly safe sites may be infected by hackers who then take advantage of this exploit to infect Macs.

In other words, if you haven’t updated Java – we alerted you to the latest Java update four weeks ago – you’d better do so now. Launch Software Update and get the latest Java update.