Mac owners warned of Java flaw

If you own a Mac you should make sure Java is disabled in both the Safari and Firefox web browsers in order to protect yourself from a malicious attack.

Security firm Intego has warned of a flaw in the Mac OS that could make Macs vulnerable to 'drive-by download' attacks, which occur when you visit a web page infected with malware.

"If a Java applet is loaded in a web browser, and malicious code is run, this flaw can allow hackers to run code and potentially access or delete files on any Mac, and run applications for which the user has permission," Intego said in a statement.

"In addition, if this flaw is executed together with a privilege escalation vulnerability, hackers could remotely run any system-level process and get total access to any Mac," it continued.

Proof-of-concept code that is capable of exploiting the flaw was posted online by security researcher Landon Fuller.

Intego claimed that Apple had been aware of the problem for at least five months but not issued a fix.

Apple confirmed that it was a known issue and that it was working on a fix.

Intego suggested you should go to Preferences, click the Security tab, and uncheck Enable Java if it is checked to secure the Safari browser.

In Firefox, you should go to Tools, Options and click on the Content tab, where you will find an Enable Java checkbox.

"Intego recommends that users never download and install software from untrusted sources or questionable websites, and that people use care when opening unexpected attachments to email messages, even from friends and colleagues," the company said.

Rival security firm F-Secure said that incidences of Mac malware being spotted in the wild were increasing.

"Macs are popular with consumers, and also with malware authors. There's plenty of Zlob codec Trojans that will infect a Mac if given the chance," said F-Secure's Sean Sullivan.