Mac OS forum

General discussion

FYI: Fix for Zero-Day Mac Java Flaw

by Carol~ Forum moderator / April 4, 2012 7:11 AM PDT

Apple on Monday released a critical update to its version of Java for Mac OS X that plugs at least a dozen security holes in the program. More importantly, the patch mends a flaw that attackers have recently pounced on to broadly deploy malicious software, both on Windows and Mac systems.

The update, Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7, sews up an extremely serious security vulnerability (CVE-2012-0507) that miscreants recently rolled into automated exploit kits designed to deploy malware to Windows users. But in the past few days, information has surfaced to suggest that the same flaw has been used with great success by the Flashback Trojan to infect large numbers of Mac computers with malware.

The revelations come from Russian security firm Dr.Web, which reports that the Flashback Trojan has successfully infected more than 550,000 Macs, most which it said were U.S. based systems (hat tip to Adrian Sanabria). Dr.Web's post is available in its Google translated version here.

Continued : http://krebsonsecurity.com/2012/04/urgent-fix-for-zero-day-mac-java-flaw/

From The Mac Security Blog: Apple Releases Java Update; Includes Fix for Vulnerability Exploited by Flashback Malware

Post a reply
Discussion is locked
You are posting a reply to: FYI: Fix for Zero-Day Mac Java Flaw
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: FYI: Fix for Zero-Day Mac Java Flaw
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Note that this only installs if you give it permission
by mrmacfixit Forum moderator / April 4, 2012 9:14 AM PDT

To quote another Mac website,

Think before you Click!

and be aware of what the Software Update dialog box looks like.

Thanks Carol


P

Collapse -
Fix for Zero-Day Java Flaw
by mrmacfixit Forum moderator / April 5, 2012 6:20 AM PDT
Collapse -
Another way is to launch Terminal
by mrmacfixit Forum moderator / April 5, 2012 6:37 AM PDT

and copy and paste the following commands, one at a time, and hit Return:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If you get "The domain/default pair ... does not exist" for both - you are clean

P

Collapse -
Apple Developing Tool to Detect and Remove Flashback Malware
by Carol~ Forum moderator / April 11, 2012 6:42 AM PDT

From Apple Support: About Flashback malware

Last Modified: April 10, 2012

Article: HT5244

Products Affected: Java, Mac OS X 10.6, OS X Lion

Summary: A recent version of malicious software called Flashback exploits a security flaw in Java in order to install itself on Macs.

Apple released a Java update on April 3, 2012 that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6. By default, your Mac automatically checks for software updates every week, but you can change that setting in Software Update preferences. You can also run Software Update at any time to manually check for the latest updates.

Apple is developing software that will detect and remove the Flashback malware.

In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network.

Additional Information
For Macs running Mac OS X v10.5 or earlier, you can better protect yourself from this malware by disabling Java in your web browser(s) preferences.

http://support.apple.com/kb/HT5244

Various News Articles (amongst many):
Apple promises Flashback malware killer
Apple announces Flashback removal tool
Apple developing tool to detect and remove Flashback Trojan

Collapse -
Apple Releases Java Update with Flashback Removal Tool
by Carol~ Forum moderator / April 12, 2012 9:22 PM PDT
Last Modified: April 12, 2012

Article: HT5242

Products Affected: Java, Product Security, OS X Lion, Mac OS X v10.6

Summary: This Java security update removes the most common variants of the Flashback malware.

This Java security update removes the most common variants of the Flashback malware.

This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.

Java for OS X Lion 2012-003 delivers Java SE 6 version 1.6.0_31 and supersedes all previous versions of Java for OS X Lion.

This update is recommended for all Mac users with Java installed.

http://support.apple.com/kb/HT5242
___________________________

From Heise Security:

Additionally, the new Java update for Mac OS X 10.7 Lion prevents Java applets from being automatically executed by disabling the Java web plugin by default. Users can re-enable the automatic execution of Java applets via the Java Preferences application. However, if the plugin detects that Java applets have not been run for "an extended period of time", it will automatically disable applet support again.

The company has also released another Java update (Java for Mac OS X 10.6 Update 8) for systems running Mac OS X 10.6 Snow Leopard which removes the Flashback trojan. However, unlike the update for 10.7 Lion, it does not disable Java applets by default. Apple recommends that users who do not use Java applets should manually disable the Java web plugin in their browser; instructions for disabling the Java plugin in Safari are provided.

Java for OS X Lion 2012-003 and Java for Mac OS X 10.6 Update 8 are available to download from Apple's Support Downloads site. Alternatively, users who previously installed Java on their systems can upgrade using the built-in Software Update function. All users are advised to install the updates.
Popular Forums
icon
Computer Help 49,613 discussions
icon
Computer Newbies 10,349 discussions
icon
Laptops 19,436 discussions
icon
Security 30,426 discussions
icon
TVs & Home Theaters 20,308 discussions
icon
Windows 10 360 discussions
icon
Phones 15,802 discussions
icon
Windows 7 7,351 discussions
icon
Networking & Wireless 14,641 discussions

Tech explained

Do you know what an OLED TV is?

CNET explains how OLED technology differs from regular TVs, and what you need to know to make the right shopping decision.