"Intego describes three unique methods that the Trojan horse uses to infect Macs: It attempts to exploit a pair of Java vulnerabilities in sequence, which the company says allows infection with no further user intervention. Failing those two approaches, resorts to social engineering. In that last case, the applet presents a self-signed digital certificate, falsely claiming that the certificate is “signed by Apple Inc”; if you click Continue, the malware installs itself."
This isn't the first time that Apple's Java has had a gaping security hole that was exploitable from a web page. Shame on Apple for not caring enough about Java to make it as solid as the rest of their frameworks. Generally speaking, Macs are good about sandboxing apps from the web. One of my biggest criticisms of Windows has been its poor sandboxing of Active X and other crap in their Internet Explorer.
John Duprey is a husband and father. He is also a software architect for Thomson Reuter's Research and Development group.
When not making the world better, one line of code at a time, John enjoys a blessed life with his family.