Alert Number: 052109-01
Alert Date: 5/21/09
Alert Title: *UNPATCHED* Java Vulnerability in Mac OS X
Update-to: None.
OS/Platform/Application: Apple Mac OS X
Category: ALERT
Severity: HIGH
Attention: Mac users, System Administrators, Desktop Support Personnel.
Summary: Internet security resources are reporting a vulnerability that affects Mac OS X systems. OS X version 10.5.7 is confirmed vulnerable; other (earlier) versions may be vulnerable as well. The vulnerability is related to the handling of Java applets; the most likely mechanism of exploit would be visiting a maliciously crafted web page or otherwise running a maliciously crafted Java-based program.
Recommended Actions: At the time of this writing (7:45 AM 5/21/09) no fix is available from the vendor to address this issue. OS X users are encouraged NOT to visit untrusted websites or open/handle files from unknown or untrusted sources until a patch is available. Disabling browser Java applets and disabling the 'Open "safe" files after downloading' option in Safari are suggested by various sources as potential workarounds for this issue.
Readers are encouraged to share this alert with family, friends, and associates.
ITS Actions: N/A
Resources:
Secunia Advisory:
http://secunia.com/advisories/35118/
Landon Fuller's blog entry on the issue:
http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html