Thread: Where is the fix for Zero-Day Flaw on Java for Mac

  1. #1
    Join Date
    Apr 2012
    Posts
    36

    Where is the fix for Zero-Day Flaw on Java for Mac

    Everyone might have heard that Apple has released a critical update to Java for Mac OS X which is meant to fix a dozen security holes and vulnerabilities in the program. This patch needs to fix the flaw that attackers used broadly to deploy malicious software. It is on both Windows and Mac. This update for Java in Mac X Lion 2012-001 or Mac OS X 10.6 sews up a very serious security vulnerability. This flaw has been used to plant the Flashback Trojan so that it can infect large numbers of Mac computers. The recent reports say that the Flashback Trojan has successfully infected more than 550,000 Macs, mostly U.S.-based systems. This has been confirmed by the Russian security firm.

  2. #2
    Join Date
    Mar 2011
    Posts
    442

    Re: Where is the fix for Zero-Day Flaw on Java for Mac

    Yes, I have also heard that a recent version of the malicious software named Flashback Trojan exploits a security flaw in Java which enables it to install itself on a Mac and then helps it to infect others communicating via the network. For this reason, Apple has released a Java update, which is available from April 3, 2012. This update is meant to fix it in OS X v10.7 and Mac OS X v10.6. If your Mac is connected to the internet, it will automatically check for updates, but it would be better to run Software Update manually at any time. Apple is trying to create a software or removal tool in order to detect and remove the Flashback malware.

  3. #3
    Join Date
    May 2011
    Posts
    428

    Re: Where is the fix for Zero-Day Flaw on Java for Mac

    Popular exploitation kits - kits for commercial malware - have exploited a vulnerability in Java before a patch was released. For example, Phoenix 3.0 and Black Hole Exploit Kit 1.2.1 contained an attack on the unpatched vulnerability, which is unusual. Such exploitation kits usually rely more on older vulnerabilities for which patches are available but have not recorded the number of users. It is similar to other Java vulnerabilities, which will run untrusted code with elevated privileges. Via the JavaScript engine Rhino, the Security Manager can be turned off and code then run with all rights. This works across platforms, so that the gap can be abused very efficiently. Malware kits have apparently rushed to take up the weakness into their repertoire. They were nevertheless faster than the Java provider - i.e. Oracle - with its patch. Generally it is advisable to keep Java up to date at all times - or shut it down if it is not needed.

  4. #4
    Join Date
    May 2011
    Posts
    443

    Re: Where is the fix for Zero-Day Flaw on Java for Mac

    A Flashback Trojan is currently spreading that has now infected more than 600,000 Macs already. According to a report by security experts, this is an updated version of an old friend who was on the loose in September last year. His name has become malware fact, because their distribution is taking place on older Java gaps as alleged Flash player. If the Sun continues to spread by equipping rapidly, this could develop into the largest outbreak of malware on a Mac platform.

  5. #5
    Join Date
    May 2011
    Posts
    271

    Re: Where is the fix for Zero-Day Flaw on Java for Mac

    Java Web Start contains a vulnerability that can be exploited using manipulated websites in order to gain access to affected systems. Obviously, the URL parameters that are passed to the browser plug-in are considered only insufficiently. Sun has been providing the Java Update 10 from the Java Deployment Toolkit to allow Java developers to distribute their Web applications to end users more easily. The toolkit will be automatically installed with the Java Runtime Environment (JRE) and is marked by default as a safe scripting function.

  6. #6
    Join Date
    Jun 2011
    Posts
    454

    Re: Where is the fix for Zero-Day Flaw on Java for Mac

    The malicious code for OS X is injected into web browsers and other applications of the system. Once the user starts the program, the Trojan tries to connect with its command servers to send personal information and screenshots, while malware is also being loaded. In recent versions, Macs are infected via drive-by downloads. All it takes is a visit to an appropriately crafted web site. The resulting spread was made possible by a zero-day vulnerability in the Java Runtime Environment. Apple responded the day before yesterday and provided a security update for Java. This is true only for Mac OS X 10.6 and 10.7. Security experts warn that older systems continue to be vulnerable. For all users it is strongly recommended to carry out a security update.

  7. #7
    Join Date
    Jul 2011
    Posts
    265

    Re: Where is the fix for Zero-Day Flaw on Java for Mac

    The first evident thing is that the attack must have occurred through Anglophone sites. If your Java is not updated to the latest version (and Apple has provided a patch just yesterday), your intervention is not required to undergo an infection. You just have to set foot on a malicious site.

    The second variant uses the usual cheap pickpocket tricks: it pretends to be an update of Flash, is installed in the Applications folder and then checks whether there are some files that it is concerned about, such as Little Snitch and various anti-virus programs (if there are, it deletes itself), and then downloads its "payload", the real malware. Without this you need the administrator password and obtained engages in Firefox or Safari. Without administrative privileges it does not cease to be dangerous: it is installed in the users' folders and is run in conjunction with any application. It’s easier to find that way, but very pervasive and malicious.

  8. #8
    Join Date
    Aug 2011
    Posts
    403

    Re: Where is the fix for Zero-Day Flaw on Java for Mac

    Flashback-K, through an exploit, uses vulnerability CVE-2012-0507. It seems that this new version manages to sneak in and activate in the operating system without the need for the user to type the administrator password. In performing this malware will require the administrator password to be activated, but whether or not the user enters the password, the malware will remain inactive until it will not be entered for another operation, and then proceed to the OS infection. While waiting for a Java update from Apple to plug this vulnerability, it is worth taking some extra care to avoid running into this Trojan. Since this virus exploits a vulnerability in Java, you just need to edit a bit to be safe.
    Disable Java in the browser used to surf the internet:
    • Chrome: Java is not installed on Chrome; it will install and activate on the first connection to a site that requests it and will ask your permission to run (enter admin password).
    • Safari: Disable Java under "Preferences" - "Security" - remove the checkmark on "Enable Java"
    • Firefox: Go to "Preferences" - "Add-ons" - select "Plug-In" and disable Java

  9. #9
    Join Date
    Jun 2011
    Posts
    45

    Re: Where is the fix for Zero-Day Flaw on Java for Mac

    The Trojan exploits a flaw in Java on Mac and PC, and I imagine it was easy to create the fake Flash installer on Mac, and then it was done. But it's not an attack specifically targeted at Mac, and if we talk about it much today, it is mainly because this kind of news is no longer a long time on the PC. There remains a legal aspect to consider in this case (I mean Flashback): whether Apple would not be required to pay a heavy fine for having sinned in this story. From my perspective, Apple has eroded its customers into believing it was protecting them and, more importantly, responding "quickly", although this was not the case.