Apple’s ignoring Mac security bug makes a hacker warn users

In order to draw attention to long-standing security problem in Apple's Mac OS X operating system, Landon Fuller, a security researcher has posted attack code that exploits that defect in OS. 

The software, which can be used by anyone to run an unauthorized system on a Mac, exploits a bug in the Java software. That bug was fixed on December 3, 2009 by Sun Microsystems, Java's creator. But Apple ignored that bug detection, and the fix in the problem still didn’t appear in Apple’s software updates. 

"Unfortunately, it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated," Fuller wrote in a blog posting describing the issue. "Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release my own proof of concept."

Fuller’s code makes computer say "I'm executing an innocuous user process", but it could be adapted by criminals. 

Mac users are advised to disable Java in their Web browser until Apple fixes the issue. "This vulnerability could be exploited to perform 'drive-by-downloads' commonly used as a means to infect computers with spyware, or any arbitrary command with the permissions of the executing user," the company noted on its web-site. According to that note, user has to visit a web page hosting a malicious Java applet to be exploited.

Apple spokeswoman said Wednesday that Apple is "aware of the issue and we are working on a fix." Security updates for Mac OS software were released last week.