Yet another Java vulnerability discovered, researchers recommend disabling browser plug-in

url-3

Following an attack on a smaller number of corporate Macs that exploited a flaw in the Java browser plug-in, researchers from security firm FireEye warned users of yet another new Java zero-day vulnerability. According to a blog post published yesterday (via IDG), browsers running Java v1.6 Update 41 and Java v1.7 Update 15 are now vulnerable to a malware attack that installs a remote access tool known as McRAT. The exploit is reportedly different from the one used to attack Facebook, Twitter, Apple, and several other companies last month. Following the earlier attack, Apple released an update to Java for users to version 1.6.0_41. These recent vulnerabilities come after several updates over the last year to Java addressing exploits.

FireEye recommended users disable Java until Oracle addresses the issue:

We have notified Oracle and will continue to work with Oracle on this in-the-wild discovery. Since this exploit affects the latest Java 6u41 and Java 7u15 versions, we urge users to disable Java in your browser until a patch has been released; alternatively, set your Java security settings to “High” and do not execute any unknown Java applets outside of your organization.

Oracle provided the instructions below for uninstalling Java on Mac: Read more

Apple removes Java applet plugin from OS X, continuing push for plugin-free web

Further pushing toward the idea of a plugin-free internet, Apple has issued an update to Java for OS X that removes the Java applet plugin. Attempting to use a Java applet through any OS X web browser will now prompt users to download the latest version directly from Java maker Oracle.

This is not the first time Apple has stopped shipping a specific browser plugin with their computers. With OS X Lion, users discovered that their Macs no longer came with Adobe’s oft-derided Flash Player plugin due to its instability and security issues. Apple has long held browser plugins in contempt, especially following the success of iOS, which hasn’t supported browser plugins at all in the past six years.

Just about every Mac Trojan/vulnerability over recent months and years has been related to outdated Java code. This move should close off those attack vectors.

Read more

Free app checks for the Flashback trojan infecting 600,000 Macs

Over the past few weeks, security experts have warned Mac users of a new virus making its rounds called the “Flashback” trojan. Flashback is allegedly on over 600,000 Macs, which is roughly 1-percent of the 45 million out there. Flashback exploits a pair of vulnerabilities in older versions of Java. Apple may have patched it, but it is still out there and running on many machines.

How do you know if you are infected? F-Secure has a few Terminal commands to check your machine. For the many who are not adept at keeping their Java updates fresh, terminal commands are going to be even more foreign. Luckily, ArsTechnica points us to a free Flashback checker available on github. The app runs the same checks as you would in Terminal, but automates it for you.

We ran the test ourselves and were clean, but one of our readers found that he had the virus last week. It is definitely worth checking out. If your Mac does have Flashback, F-secure offers a great guide on how to remove it.

Read more

In the wake of the Flashback Trojan, Apple quietly puts out an updated Java security patch

Earlier this week, Apple released a Java security update, 2012-001, to patch the Flashback vulnerability that a security company claims affected 600,000 Macs.

Late this evening, we are getting reports from readers that a new version of the Java update is becoming available via Software Update.

.

The latest update, Java for OS X 2012-002, supersedes the -001 update Apple released earlier this week, and indeed the KB article linked from the -002 update is still the -001 version (below).

Update: Apple sent a note out to its Java Community, below, with the ‘why’ (small issue they are the same but for a few symlinks and version numbers.)

Thanks Jessie! Read more

Flashback.G trojan seen exploiting ancient Java vulnerabilities to infect Macs

A new variant of the Flashback trojan horse called “Flashback.G” is reportedly out in the wild and able to exploit a pair of vulnerabilities found in an older version of Java run-time, according to a blog post by antivirus maker Intego yesterday. People running Snow Leopard and an older Java run-time are at high risk as the primary spreading method calls for maliciously crafted websites. When visiting such pages, the malware exploits a browser’s security settings and installs itself without any intervention on the user’s part.

Even if you use the latest Java run-time installation, the malware can still falsely report a Java certificate as signed by Apple (though it is reported as untrusted), duping naïve users into clicking the Continue button in the certificate window and letting the trojan infect the host system.

Upon infection, the trojan will suck personal data into the cloud, including sensitive usernames and passwords for Google, PayPal, eBay, and other popular websites. One possible sign of infection includes unexpected crashes in Safari, Skype, and other apps with embedded browser content.

So, how does one protect oneself from this nasty piece of software?

Read more