dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
667
share rss forum feed


haroldo

join:2004-01-16
united state
kudos:1

[Security] Mac Flashback Exploiting Unpatched Java Vulnerability

quote:
Mac Flashback Exploiting Unpatched Java Vulnerability - F-Secure Weblog - News from the Lab
A new Flashback variant (Mac malware) has been spotted exploiting CVE-2012-0507 (a Java vulnerability). We've been anticipating something like this for a while now.
Oracle released an update that patched this vulnerability back in February… for Windows.

But — Apple hasn't released the update for OS X (yet)...
»www.f-secure.com/weblog/archives···341.html

Re: [Security] Mac Flashback Exploiting Unpatched Java Vulnerabi

Who uses Java ? It's not even installed if your running Lion.



HiVolt
Premium
join:2000-12-28
Toronto, ON
kudos:21
Reviews:
·TekSavvy DSL
·TekSavvy Cable

said by mozilla user :

Who uses Java ? It's not even installed if your running Lion.

Look, just because Apple shuns Java & Flash, doesn't mean people don't use it.

It's needed for a crapload of sites. If you avoid certain sites because of technologies used don't jive with Apple's views, thats's pretty sad.
--
Tank Nation 2012



J E F F
Whatta Ya Think About Dat?
Premium
join:2004-04-01
Kitchener, ON
kudos:1
reply to haroldo

Hmmm, I just got a notice today of an update for Java..(and iPhoto)...


reply to HiVolt

It's needed for a crapload of sites

Maybe here to do some tests, other than maybe Yahoo game sites. I haven't noticed it missing for years. Nothing to do with with Apple, I have it disabled on my Windows machines.



haroldo

join:2004-01-16
united state
kudos:1
reply to haroldo

quote:
A recent version of malicious software called Flashback exploits a security flaw in Java in order to install itself on Macs.

Apple released a Java update on April 3, 2012 that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6. By default, your Mac automatically checks for software updates every week, but you can change that setting in Software Update preferences. You can also run Software Update at any time to manually check for the latest updates.

Apple is developing software that will detect and remove the Flashback malware.

In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network.

»support.apple.com/kb/HT5244?view···le=en_US


J E F F
Whatta Ya Think About Dat?
Premium
join:2004-04-01
Kitchener, ON
kudos:1
Reviews:
·Rogers Portable ..

Yeah, so it would appear that these website themselves have been hacked. I downloaded a scanner from the App Store just to be safe. Came up golden.

As much as Apple hates Java and Adobe, they need to work with there guys as they aren't going anywhere anytime soon.
--
If you can't explain it simply, you don't understand it well enough. - Albert Einstein



lordpuffer
RIP lil
Premium
join:2004-09-19
Rio Rancho, NM
kudos:2

Jeff....Which scanner did you download from the App store? Is it a scanner for malware?
--
PR is back in town



mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON

said by lordpuffer:

Jeff....Which scanner did you download from the App store? Is it a scanner for malware?

Avery good anti malware product for the Mac is made by ESET


J E F F
Whatta Ya Think About Dat?
Premium
join:2004-04-01
Kitchener, ON
kudos:1
Reviews:
·Rogers Portable ..
reply to lordpuffer

said by lordpuffer:

Jeff....Which scanner did you download from the App store? Is it a scanner for malware?

Dr. Web Light. It's #2 under free apps at the App Store (since I wasn't going to download it from anywhere else). It was the App recommended by the company that first found the malware.
--
If you can't explain it simply, you don't understand it well enough. - Albert Einstein


lordpuffer
RIP lil
Premium
join:2004-09-19
Rio Rancho, NM
kudos:2

Thank you both.
--
PR is back in town