Apple quietly released a security update for Java yesterday, addressing 12 separate flaws, after its OS X operating system was found to be vulnerable to the Flashback Trojan. Security experts were worried enough about the potential for damage from the malware that they recommended disabling Java until the flaws had been patched.
While Windows users were at the highest risk initially, Intego's Mac Security Blog found a new Flashback variant in the wild at the beginning of March, built specifically to target Apple OS X users.
The update is available through Software Update for OS X 10.6 and 10.7, and Apple describes it as addressing “multiple vulnerabilities [that] exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.”
Separately, Sucuri Security located a considerable number of compromised websites running older releases of WordPress with the "ToolsPack" plugin installed. Analysis of this plugin showed it was simply a backdoor that let attackers execute arbitrary code on the compromised site. These sites are believed to be redirecting the browsers of Mac OS X visitors to pages hosting the new Flashback strain, which completes the drive-by chain: a backdoored site sends the browser to a page serving the malicious applet, and an unpatched Java then runs the payload with the current user's privileges.
While it is good that Apple has finally shipped the fixes that Windows users received from Oracle back in February, one critical flaw is rumored to remain unpatched; F-Secure says it is being actively discussed on underground forums, where money is changing hands for the exploit code.
"It is strongly recommended to update your Java client to the latest version, disable it when not needed, or better yet, remove it completely if you don’t really need it," the security firm said in a blog post yesterday.
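The first step in that advice is knowing which Java a machine actually has. The script below is an added example, not code from the article, from Apple or from F-Secure: it parses the version string that `java -version` prints on OS X and reports whether it is at or below 1.6.0_29, the version Apple's advisory names as affected. It assumes Java 1.x version strings of the form `1.6.0_29` (optionally with a build suffix such as `1.6.0_31-b04`); the function names are my own.

```shell
#!/bin/bash
# Added example (not from the article): flag a Java install that is still at
# or below 1.6.0_29, the version Apple's advisory names as affected.
# Assumes Java 1.x version strings such as "1.6.0_29" or "1.6.0_31-b04".

# Turn a version string into one integer so versions compare with -le/-gt.
# Layout: major, minor, patch (two digits each), then update (four digits).
java_version_key() {
    local v="${1%%-*}"              # drop a "-b04" style build suffix
    local upd="${v#*_}"             # text after "_" is the update number
    [ "$upd" = "$v" ] && upd=0      # no "_NN" part: treat as update 0
    upd="${upd#0}"                  # "_07" -> "7" (avoid octal parsing)
    [ -z "$upd" ] && upd=0
    v="${v%%_*}"                    # "1.6.0"
    local major="${v%%.*}"
    local rest="${v#*.}"
    local minor="${rest%%.*}"
    local patch="${rest#*.}"
    [ "$patch" = "$rest" ] && patch=0   # "1.6" with no patch field
    echo $(( ((major * 100 + minor) * 100 + patch) * 10000 + upd ))
}

# True (exit 0) when the given version is at or below 1.6.0_29.
java_is_vulnerable() {
    [ "$(java_version_key "$1")" -le "$(java_version_key 1.6.0_29)" ]
}

# Extract the quoted version from "java -version" output, whose first line
# looks like:   java version "1.6.0_29"
java_version_from_output() {
    printf '%s\n' "$1" | sed -n 's/^java version "\([^"]*\)".*/\1/p' | head -n 1
}

# Stand-alone use on the machine itself. java writes its banner to stderr,
# hence the 2>&1; skipped when no java binary is on the PATH.
if command -v java >/dev/null 2>&1; then
    installed=$(java_version_from_output "$(java -version 2>&1)")
    if [ -n "$installed" ] && java_is_vulnerable "$installed"; then
        echo "Java $installed: at or below 1.6.0_29, run Software Update or disable the Java plugin"
    else
        echo "Java ${installed:-(unrecognised version string)}: not the affected 1.6.0_29 or older"
    fi
fi
```

Because Apple ships Java separately from Oracle's Windows builds, the check deliberately compares against the version in Apple's own advisory rather than against Oracle's February release numbers; a machine reporting anything newer than 1.6.0_29 has the OS X update installed.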
Attacks on Apple's OS X platform are rarely this serious, but there is no doubt that exploits are increasing as attackers realise the value of targeting it. More worrying, Flashback has exposed another problem: by all accounts Apple has been very slow to ship the fixes that Oracle released for the same Java flaws on Windows back in February.