Vulners
Lucene search
Mac OS X - Java applet Remote Deserialization Remote PoC (updated)
| Reporter | Title | Published | Views | Family All 131 |
|---|---|---|---|---|
 | Mac OS X Java applet Remote Deserialization Remote PoC | 20 May 200900:00 | – | zdt |
 | CVE-2008-5353 | 3 Dec 200800:00 | – | circl |
 | CVE-2008-5353 | 5 Dec 200811:00 | – | cve |
 | CVE-2008-5353 | 5 Dec 200811:00 | – | cvelist |
 | Sun Java - Calendar Deserialization (Metasploit) | 20 Sep 201000:00 | – | exploitdb |
| Signed Applet Social Engineering - Code Execution (Metasploit) | 8 Jan 201100:00 | – | exploitdb |
| Apple Mac OSX - Java applet Remote Deserialization Remote (2) | 20 May 200900:00 | – | exploitdb |
| Sun Java Runtime and Development Kit 6 Update 10 - Calendar Deserialization (Metasploit) | 3 Dec 200800:00 | – | exploitdb |
 | Apple Mac OSX - Java applet Remote Deserialization Remote (2) | 20 May 200900:00 | – | exploitpack |
| Sun Java Runtime and Development Kit 6 Update 10 - Calendar Deserialization (Metasploit) | 3 Dec 200800:00 | – | exploitpack |
10
Critical Mac OS X Java Vulnerabilities
Introduction
Five months ago, CVE-2008-5353 and other vulnerabilities were publicly
disclosed, and fixed by Sun.
CVE-2008-5353 allows malicious code to escape the Java sandbox and run
arbitrary commands with the permissions of the executing user. This may
result in untrusted Java applets executing arbitrary code merely by
visiting a web page hosting the applet. The issue is trivially
exploitable.
Unfortunately, these vulnerabilities remain in Apple's shipping JVMs, as
well as Soylatte 1.0.3. As Soylatte does not provide browser plugins,
the impact of the vulnerability is reduced. The recent release of
OpenJDK6/Mac OS X is not affected by CVE-2008-5353.
Work-Arounds
* Mac OS X users should disable Java applets in their browsers and
disable 'Open "safe" files after downloading' in Safari.
* Soylatte users running untrusted code should upgrade to an
OpenJDK6-based release, where possible. No future releases of the
JRL-based Soylatte branch are planned at this time. If this is an
issue for you, please feel free to contact me.
* No work-around is available for users otherwise running Java
untrusted code.
Proof of Concept
Unfortunately, it seems that many Mac OS X security issues are ignored
if the severity of the issue is not adequately demonstrated. Due to the
fact that an exploit for this issue is available in the wild, and the
vulnerability has been public knowledge for six months, I have decided
to release a my own proof of concept to demonstrate the issue.
If you visit the following page, "/usr/bin/say" will be executed on your
system by a Java applet, with your current user permissions. This link
will execute code on your system with your current user permissions. The
proof of concept runs on fully-patched PowerPC and Intel Mac OS X
systems.
http://landonf.bikemonkey.org/static/moab-tests/CVE-2008-5353/hello.html
compiled/decompiled: http://exploit-db.com/sploits/2009-javax.tgz
# milw0rm.com [2009-05-20]
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
0.2Low risk
Vulners AI Score0.2
EPSS0.89535