New 'super dangerous' Java zero-day flaw affects OS X
Hackers are exploiting a zero-day vulnerability in Java 7, security experts said today.
The unpatched bug can be exploited through any browser running on any operating system, from Windows and Linux to OS X, that has Java installed, said Tod Beardsley, the engineering manager for Metasploit, the open-source penetration testing framework used by both legitimate researchers and criminal hackers.
David Maynor, CTO of Errata Security, confirmed that the Metasploit exploit -- which was published less than 24 hours after the bug was found -- is effective against Java 7 installed on OS X Mountain Lion. "This exploit works on OS X if you are running the 1.7 JRE [Java Runtime Environment]," said Maynor in an update to an earlier blog post. JRE 1.7 includes the most current version of Java 7, dubbed "Update 6," which was released earlier this month.