A new security exploit in Java 7 is affecting Mac, Windows, and Linux users alike, according to an engineering manager for Metasploit, an open-source penetration testing framework. The vulnerability is described as “super dangerous,” since an attack can be triggered simply by visiting a hacked or intentionally malicious website. OS X Lion and Mountain Lion do provide a modest level of protection, since Java isn’t installed by default on the operating systems, which also ask users if they want to run the software.
More directly under threat are Leopard and Snow Leopard users, who do have Java preinstalled. With those two platforms, Apple also chose to spin off its own Java releases, slowing down the potential response time for new threats. Apple will likely issue patches in the near future.
Java has been the main attack vector against Macs in recent months. Most famously, OS X was targeted by the Flashback series of trojans, which were ultimately subdued but at one point had infected over 100,000 systems. Apple faced criticism for being slow to respond, since a vulnerability exploited by the trojans had already been fixed by Oracle months prior.