- Computer Help
- Fun Stuff
Apple on Monday released a critical update to its version of Java for Mac OS X that plugs at least a dozen security holes in the program. More importantly, the patch mends a flaw that attackers have recently pounced on to broadly deploy malicious software, both on Windows and Mac systems.
The update, Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7, sews up an extremely serious security vulnerability (CVE-2012-0507) that miscreants recently rolled into automated exploit kits designed to deploy malware to Windows users. But in the past few days, information has surfaced to suggest that the same flaw has been used with great success by the Flashback Trojan to infect large numbers of Mac computers with malware.
The revelations come from Russian security firm Dr.Web, which reports that the Flashback Trojan has successfully infected more than 550,000 Macs, most which it said were U.S. based systems (hat tip to Adrian Sanabria). Dr.Web’s post is available in its Google translated versionhere.
Flashback is an increasingly sophisticated malware strain that sniffs network traffic in search of user names and passwords. Early versions of it prompted Mac users to enter their password before it would run, but the most recent strains will happily infect vulnerable Mac systems without requiring a password, writes Ars Technica, among others. F-Secure has additional useful information on this Trojan attack here.
As Ars notes, although Apple stopped bundling Java by default in OS X 10.7 (Lion), it offers instructions for downloading and installing the Oracle-developed software framework when users access webpages that use it. If you need Java on your Mac only for a specific application (such as OpenOffice), you can unplug it from the browser by disabling its plugin. In Safari, this can be done by clicking Preferences, and then the Security tab (uncheck “Enable Java”). In Google Chrome, open Preferences, and then type “Java” in the search box. Scroll down to the Plug-ins section, and click the link that says “Disable individual plug-ins.” If you have Java installed, you should see a “disable” link underneath its listing. In Mozilla Firefox for Mac, click Tools, Add-ons, and disable the Java plugin(s).
WINDOWS AND MAC USERS: DELETE JAVA!!
I can’t stress this point strongly enough: If you don’t need Java, remove it from your system, whether you are a Mac or Windows user. If you need further convincing of my reasons for this recommendation, I’d encourage you to browse through some of my past Java-related posts.
Apple maintains its own version of Java, and as with this release, it has typically fallen unacceptably far behind Oracle in patching critical flaws in this heavily-targeted and cross-platform application. In 2009, I examined Apple’s patch delays on Java and found that the company patched Java flaws on average about six months after official releases were made available by then-Java maintainer Sun. The current custodian of Java – Oracle Corp. – first issued an update to plug this flaw and others back on Feb. 17. I suppose Apple’s performance on this front has improved, but its lackadaisical (and often plain puzzling) response to patching dangerous security holes perpetuates the harmful myth that Mac users don’t need to be concerned about malware attacks.
Reblogged Via KrebsOnSecurity
- Click to share on Facebook (Opens in new window)
- Click to share on Twitter (Opens in new window)
- Click to share on Google+ (Opens in new window)
- Click to share on Pinterest (Opens in new window)
- Click to share on Pocket (Opens in new window)
- Click to email this to a friend (Opens in new window)
- Click to print (Opens in new window)
Nick is an IT Professional who has been in the IT industry for over 15 years. A passion for technology & thirst for knowledge. A certified ITIL v3 professional, Nick is qualified & dedicated to delivering effective & efficient IT services with an Honest smile.
A message from Apple Inc. to you regarding a dangerous precedent the US government would like to take...... fb.me/5ag55yGMt
Pretty much fb.me/7DevBjXFK
Millions of devices threatened by virus fb.me/44ZpuaWlJ
Connecting to the Internet back in the day.... fb.me/3eaAzM0i0
February 2018 M T W T F S S « Oct 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
Tags3G 4G Android Anthony Magro Apple App of the week artofconversations Battery CNET facebook FaceTime Google Honeycomb iCloud iOS iOS 5 iPad iPhone iPhone 4s iPhone 5 iPod iTunes Laptop Mac Microsoft MobileZap nokia Notebook PC Samsung Samsung Galaxy Samsung Galaxy s4 security Siri Smartphone Social Networking Tablet Technology Tim Cook twitter WiFi Windows Windows 8 WordPress YouTube