Apple finally releases Java patches for Flashback malware

On April 4, 2012, 9:30 AM

Apple silently released security patches for Java yesterday, addressing 12 separate flaws, after its OS X operating system was found to be vulnerable to the Flashback Trojan. In fact, security experts were so worried about the potential for damage from the malware that they recommended ditching Java until the holes had been plugged.

While those using Microsoft’s Windows OS were at the highest level of risk initially, the Mac Security blog Intego found a new Flashback variant in the wild at the beginning of March, created to specifically target Apple OS X users.

The new update is available from the update manager for OS X 10.6 and 10.7 operating systems and is described by Apple as targeting “multiple vulnerabilities [that] exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.”

Further investigations by Sucuri Security located a considerable number of infected websites using older releases of WordPress with the "ToolsPack" plugin installed. Analysis of this plugin revealed it was simply a backdoor that allowed hackers to execute any code on the infected website. It is believed these sites are redirecting the browsers of Mac OS X users to webpages containing the new strain of Flashback malware.

Whilst it is good that Apple has finally patched the vulnerabilities that Windows users saw updates for back in February, it is rumored that one critical flaw remains, which F-Secure says is being actively discussed on underground forums where money is also being exchanged in return for the exploit code. 

"It is strongly recommended to update your Java client to the latest version, disable it when not needed, or better yet, remove it completely if you don’t really need it," the security firm said in a blog post yesterday.

Attacks are rarely as serious in nature on Apple’s OS X platform, but there is no doubt that exploits are increasing as hackers realize the value of targeting the OS. More alarmingly, the Flashback malware has also exposed another potential problem: Apple, by all accounts, has been very slow to respond to the security fixes that Oracle released for its affected software on Windows back in February.


User Comments: 3

  1. I have stopped installing Java on new machines

  2. omg!!! I thought Macs were invulnerable....... What happened Steve? Did you lie to us?

  3. Java sucks.
