Go Back   TechArena Community > Technology > Networking & Security
Become a Member!
Forgot your username/password?
Register Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



Where is the fix for Zero-Day Flaw on Java for Mac

Networking & Security


Reply
 
Thread Tools Search this Thread
  #1  
Old 29-04-2012
Member
 
Join Date: Apr 2012
Posts: 36
Where is the fix for Zero-Day Flaw on Java for Mac
  

Everyone might have heard that Apple had released a critical update to Java for Mac OS X which is meant for to fix dozen security holes and vulnerabilities in the program. This patch needs to fix the flaw that attackers used broadly to deploy malicious software. It is on both Windows and Mac. This update for java in Mac X Lion 2012-001 or Mac OS X 10.6 sews up an very serious security vulnerability. This flow has been used to plant the Flashback Trojan so that it can infect large numbers of Mac computers. The recent reports say that Flashback Trojan has successfully infected more than 550,000 Macs, and mostly in U.S. based systems. This has been confirmed by the Russian security firm.

Reply With Quote
  #2  
Old 29-04-2012
Member
 
Join Date: Mar 2011
Posts: 440
Re: Where is the fix for Zero-Day Flaw on Java for Mac

Yes I have also heard that a recent version of malicious software named Flashback Trojan exploits a security flaw in Java which enables it install itself on Mac and then helps it to infect other communicating via network. For this reason, the apple has released a Java update, which is available from April 3, 2012. This update is meant to fix in OS X v10.7 and Mac OS X v10.6. if your Mac is connected to the internet, it will automatically checks for updates but it would be better to run Software Update at any time to manually. Apple is trying to create a software or removal tool in order to detect and remove the Flashback malware.
Reply With Quote
  #3  
Old 29-04-2012
Member
 
Join Date: May 2011
Posts: 425
Re: Where is the fix for Zero-Day Flaw on Java for Mac

Popular Exploitation Kits - kits for commercial malware - have exploited vulnerability in Java before a patch was released. For example, Phoenix 3.0, and Black Hole Exploit Kit 1.2.1 contained an attack on the unpatched vulnerability, which is unusual. Such exploitation kits usually put more on older vulnerabilities for which patches are available but have not recorded the number of users. It is similar to other Java vulnerabilities, which will run untrusted code with elevated privileges. About the Javscript engine Rhino can the Security Manager and then running off code with all rights. This works across platforms, so that the gap can be abused very efficiently. Malware kits have apparently rushed to take up the weakness in its repertoire. They were nevertheless faster than the Java provider - i.e. Oracle - with its patch. Generally it is advisable to keep Java up to date at all times - or shut down if it is not needed.
Reply With Quote
  #4  
Old 29-04-2012
Member
 
Join Date: May 2011
Posts: 443
Re: Where is the fix for Zero-Day Flaw on Java for Mac

Currently spread a flashback Trojan that has now infected more than 600,000 Macs already. According to a report by security experts, these are an updated version of an old friend who was driving in September last year on the loose. His name has become malware fact, because their distribution is taking place on older Java gaps as alleged Flash player. If the Sun continues to spread by equipping rapidly, this could develop into the largest outbreak of malware on a Mac platform.
Reply With Quote
  #5  
Old 29-04-2012
Member
 
Join Date: May 2011
Posts: 269
Re: Where is the fix for Zero-Day Flaw on Java for Mac

Java Web Start contains a vulnerability that can be exploited using manipulated websites in order to gain access to affected systems. Obviously, the URL parameters that are passed to the browser plug-in will be considered only insufficiently. Sun has been providing the Java Update 10 from the Java Deployment Toolkit to allow Java developers to distribute their Web applications to end users easier. The toolkit will be automatically installed with the Java Runtime Environment (JRE) and is marked by default as a safe scripting function.
Reply With Quote
  #6  
Old 29-04-2012
Member
 
Join Date: Jun 2011
Posts: 452
Re: Where is the fix for Zero-Day Flaw on Java for Mac

The malicious code for OS X it is injected into Web browsers and other applications of the system. Once the user starts the program, the Trojans are trying to connect with his command servers to send personal information and screenshots, while also being malware is loaded. In recent versions, the Mac via drive-by downloads are infected. All it takes is a visit to an appropriately crafted web site. Was made possible by the spread of resulting zero-day vulnerability in the Java Runtime Environment. Apple has responded before yesterday and a security update for Java provided. This is true only for Mac OS X 10.6 and 10.7. Security experts warn that older systems continue to be vulnerable. For all users it is strongly recommended to carry out a security update.
Reply With Quote
  #7  
Old 29-04-2012
Member
 
Join Date: Jul 2011
Posts: 262
Re: Where is the fix for Zero-Day Flaw on Java for Mac

The first evident is that the attack must have occurred through Anglophone sites. If your Java is not updated to the latest version (and Apple has provided a patch just yesterday), your intervention is not required to undergo an infection. And 'Just put a foot on a malicious site.

The second variant uses the usual cheap tricks to pickpocket: it pretends to be an update of Flash is installed in the Applications folder and then check that there are some files that are concerned about, such as Little Snitch, and various anti-virus (if there are, deletes itself) and then download their "payload", the real malware. Without this you need the administrator password and obtained engages in Firefox or Safari. Without administrative privileges do not cease to be dangerous is installed in the folders of users and is run in conjunction with any application. Itís easier to find, so, but very pervasive and malicious.
Reply With Quote
  #8  
Old 29-04-2012
Member
 
Join Date: Aug 2011
Posts: 398
Re: Where is the fix for Zero-Day Flaw on Java for Mac

Flashback-K due to an exploit uses vulnerability CVE - 2012 - 0507. It seems that this new version manages to sneak in and activate the operating system without the need for the user to type the administrator password. In performing this malware will require the administrator password to be activated, but whether or not the user enters the password, the malware will remain inactive until it will not be entered for another operation, and then proceed to ' SO infection. While waiting for a Java update from Apple to plug this vulnerability is the case with some care to have more to avoid running into this Trojan. Since this virus exploits vulnerability in Java, you just edit a bit to be safe.
Disable Java in the browser used to surf the internet
  • Chrome: Java is not installed on Chrome, will install and activate the first link with a site that requests it and ask your permission to run (enter admin password).
  • Safari: Disable Java "Preferences" - "Security" - Remove the checkmark on "Enable Java"
  • Firefox: Go to "Preferences" - "Add-ons" - select the "Plug-In" and disable Java
Reply With Quote
  #9  
Old 03-05-2012
Member
 
Join Date: Jun 2011
Posts: 43
Re: Where is the fix for Zero-Day Flaw on Java for Mac

The Trojan exploits a flaw in this Java on Mac and PC and I imagine it was easy to create the fake Flash installer on Mac, and then it was done. But it's not an attack specifically targeted at Mac and if we talk about it much today, it is mainly because this kind of news is no longer a long time on the PC. It remains a legal aspect to consider in this case (I mean Flashback), whether Apple would not be required to pay a heavy fine for having sinned in this story. From my perspective, Apple has eroded its customers into believing she was protecting them and more importantly responding "quickly", although this was not the case.
Reply With Quote
Reply

  TechArena Community > Technology > Networking & Security
Tags: , , , , , , , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "Where is the fix for Zero-Day Flaw on Java for Mac"
Thread Thread Starter Forum Replies Last Post
Design flaw of HTC Explorer? Marjorie Portable Devices 5 02-11-2011 06:07 PM
Will there be a siri security flaw in iPhone 4S? bIbEkS Portable Devices 6 11-10-2011 08:40 PM
Windows kernel flaw bypasses UAC dogaman Operating Systems 4 13-12-2010 05:31 PM


All times are GMT +5.5. The time now is 12:51 PM.