Mac Trojan infects machines via unpatched Java bug

Status
Not open for further replies.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Net-Security said:
Flashback Trojan variants have been targeting Mac users since September 2011, and they have gone through a variety of changes and techniques aimed at achieving its installation and avoiding its detection.

They initially posed as an Adobe Flash Player installer, then have acquired the capability to disrupt the automatic updating of XProtect, the operating system's built-in anti-malware application.

At the beginning, the user was responsible for downloading and running the malware, but lately even that step has been removed as newer variants have begun being dropped on targeted systems via an exploit of unpatched Java vulnerabilities.

According to F-Secure researchers, the latest variant of the malware - Flashback.K - is being distributed to Mac users through the misuse of one such vulnerability (CVE-2012-0507) that has already been patched in the Windows version of Java.

Unfortunately, Mac users haven't received a patch for that particular vulnerability since Apple hasn't yet ported it to Java for Macs. In addition to all that, there are rumors that an exploit for another unpatched Java flaw is being offered for sale on online forums.

Read more: https://www.net-security.org/malware_news.php?id=2052
 

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Other platform... same entry point for exploit-driven infections...
Oracle really needs to improve their update process, because at this point having Java installed on any platform can be considered a high risk...
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
The good thing here is that Mac antivirus products are already widespread on the internet, so the majority surely detect the latest threat vector.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Some websites use Java in order to work, and it is used for development. Some online scanners use Java in order to work and conduct a scan.

However, when there is no purpose in using Java, it's better to remove it; you are then free from exploits to a large degree. Some laptops have Java preinstalled, so in some cases users didn't notice it.
 

McLovin

Level 78
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,228
You rarely see malware that pops up for Macs because of how secure their operating system is.
 

Gnosis

Level 5
Apr 26, 2011
2,779
I am pretty close to ridding my PC of Java. I have already shut it down in my Firefox browser.
 

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Seems like Mozilla is taking some actions:

The Post said:
Mozilla Adds Older Java Versions to Firefox Blocklist

Mozilla has made a change in Firefox that will block all of the older versions of Java that contain a critical vulnerability that's being actively exploited. The decision to add these vulnerable versions of Java to the browser's blocklist is designed to protect users who may not be aware of the flaw and attacks.

The specific vulnerability in Java that Mozilla is trying to protect users against was patched by Oracle in February, but Java is one of the many browser components and extensions that users sometimes will fail to update for long periods of time. If users don't have the automatic updates enabled for Java, it could be a long time before they remember to update the software and that's a dangerous habit given how much attackers love to exploit Java.

"This vulnerability—present in the older versions of the JDK and JRE—is actively being exploited, and is a potential risk to users. To mitigate this risk, we have added affected versions of the Java plugin for Windows (Version 6 Update 30 and below as well as Version 7 Update 2 and below) to Firefox’s blocklist. A blocklist entry for the Java plugin on OS X may be added at a future date. Mozilla strongly encourages anyone who requires the JDK and JRE to update to the current version as soon as possible on all platforms," Mozilla's Kev Needham said.

Read more: http://threatpost.com/en_us/blogs/mozilla-adds-older-java-versions-firefox-blocklist-040312

Also, it's important to note that Apple has released a patch that will fix this vulnerability. You can read more over at the Sophos blog: http://nakedsecurity.sophos.com/2012/04/04/apple-patches-java-hole-that-was-being-used-to-compromise-mac-users/
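
Added example (not part of the thread, and not Mozilla's blocklist code): a small inventory check that flags Java version strings falling inside the range quoted above (Version 6 Update 30 and below, Version 7 Update 2 and below). The accepted string formats, the function names and the sample hosts are assumptions made for illustration.

```python
import re

# Thresholds quoted in the post above (Java plugin for Windows):
# Version 6 Update 30 and below, Version 7 Update 2 and below.
BLOCKED_MAX_UPDATE = {6: 30, 7: 2}

# Assumed input formats: legacy "1.6.0_30" / "1.7.0_02-b13" strings
# and plugin descriptions such as "Java(TM) Platform SE 6 U30".
_LEGACY = re.compile(r"\b1\.(\d+)\.0(?:_(\d+))?")
_PLUGIN = re.compile(r"\bSE\s+(\d+)(?:\s+U(\d+))?", re.IGNORECASE)


def parse_java_version(text):
    """Return (family, update), or None if the string is not recognised."""
    for pattern in (_LEGACY, _PLUGIN):
        m = pattern.search(text)
        if m:
            # A missing update suffix means the base release (update 0).
            return int(m.group(1)), int(m.group(2) or 0)
    return None


def in_quoted_blocklist_range(text):
    """True/False for families 6 and 7; None when the quoted statement
    does not cover the version (unparseable, or another family)."""
    parsed = parse_java_version(text)
    if parsed is None or parsed[0] not in BLOCKED_MAX_UPDATE:
        return None
    family, update = parsed
    return update <= BLOCKED_MAX_UPDATE[family]


def audit(inventory):
    """Map host -> verdict for a {host: version_string} inventory."""
    return {host: in_quoted_blocklist_range(v) for host, v in inventory.items()}


# Constructed sample inventory (hostnames and strings are made up).
SAMPLE = {
    "ws-01": 'java version "1.6.0_30"',
    "ws-02": 'java version "1.6.0_31"',
    "ws-03": "Java(TM) Platform SE 7 U2",
    "ws-04": 'java version "1.7.0_03-b05"',
    "ws-05": 'java version "1.5.0_22"',
}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE).items():
        print(host, verdict)
```

A `None` verdict means the quoted statement says nothing about that version, so those hosts need a separate review rather than being treated as safe.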
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
+1 for Mozilla taking action regarding the Java vulnerability.

In some cases most users have an old plugin installed in Firefox and the only way is to disable it; removing the Java console isn't hard, and a link shows the steps.
 