Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: MacOS Users vulnerable to Blackhole exploit kit - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MacOS Users vulnerable to Blackhole exploit kit

If you own a MacOS computer, you might want to disable java for a while until Oracle develops a patch to solve CVE-2012-0507 vulnerability, because there is a Blackhole Exploit Kit version in the wild exploiting this vulnerability and it also can be exploited using metasploit.

If you want to disable java plugins in your MacOS computer, Marcus J. Carey created a video showing how to do it.

More information about this issue at https://www.f-secure.com/weblog/archives/00002341.html

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter: @manuelsantander
Web:http://manuel.santander.name
e-mail:msantand at isc dot sans dot org

Manuel Humberto Santander Pelaacuteez

185 Posts
ISC Handler
This does or does not pertain to all Apple devices, namely iPad, and the like?
Anonymous
No. This only applies to OS X. iOS (iPad, iPhone) does not run Java.
Johannes

3481 Posts
ISC Handler
Just wanna make sure...... The update you mention in your "UPDATE" section fixes CVE-2012-0507 correct?

With your UPDATE post being at the top, I was confused when reading this since I didn't see the original article before you posted the update

Thanks for the great work Handlers!!
K-Dee

63 Posts
The complete list of patched CVEs is now live here:
support.apple.com/kb/… . It does include CVE-2012-0507
Johannes

3481 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!