I somehow missed the initial mention of this on Bugtraq and the other usual sources but finally picked up on it via SANS.
There is a vulnerability in the Sun JVM that is used in browsers to execute applets that can be exploited by a malicious web site or HTML email to bypass all security restrictions imposed by the applet sandbox. This is a major issue as it will allow for mass exploitation of machines - not just Windows but all desktops with Java enabled browsers - by spammers, worms and other nasties.
This may possibly be the entry point that could lead to the first true multi platform worm. Developing such a worm would be a big challenge especially if it is to be truly multi platform, but you would only need to target certain distributions of Linux and Windows in general to make a big impact. The days where every Unix user will notice an additional process on his box is also long gone, how many of the masses of recent Linux converts run ps regularly and even if they did can tell you what the processes mean?
Leave a comment