Mac Trojan infects machines via unpatched Java bug

[Jack]

Flashback Trojan variants have been targeting Mac users since September 2011, and they have gone through a variety of changes and techniques aimed at achieving its installation and avoiding its detection.

They initially posed as an Adobe Flash Player installer, then have acquired the capability to disrupt the automatic updating of XProtect, the operating system's built-in anti-malware application.

At the beginning, the user was responsible for downloading and running the malware, but lately even that step has been removed as newer variants have begun being dropped on targeted systems via an exploit of unpatched Java vulnerabilities.

According to F-Secure researchers, the latest variant of the malware - Flashback.K - is being distributed to Mac users through the misuse of one such vulnerability (CVE-2012-0507) that has already been patched in the Windows version of Java.

Unfortunately, Mac users haven't received a patch for that particular vulnerability since Apple hasn't yet ported it to Java for Macs. In addition to all that, there are rumors that an exploit for another unpatched Java flaw is being offered for sale on online forums.

Read more : https://www.net-security.org/malware_news.php?id=2052

 

[Jack]

Other platform ... .same entry point for exploit driven infections.........
Oracle really needs to improve their Update process because at this point it can be considered a High Risk having Java installed on any platform...

 

[jamescv7]

The good thing here Mac Antivirus were already widespread in the internet so majority surely detected at the latest threat vector.

 

[Prorootect]

So WHY they have this Java ..

Why.:sleepy:

 

[jamescv7]

Some of the websites uses Java in order to work and used for development. Some online scanners uses Java in order to work and conduct a scan.

However when there is no purpose of using Java its better to removed thus your being free from exploits through in a huge percentage. Laptops which preinstalled have Java thus users didn't noticed it on some cases.

 

[McLovin]

You rarely see malware that pops up for MACs because of how secure their operating system is.

 

[Gnosis]

I am pretty close to ridding my PC of Java. I have already shut it down in my Firefox browser.

 

[Jack]

Seems like Mozilla is taking some actions:

Mozilla Adds Older Java Versions to Firefox Blocklist

Mozilla has made a change in Firefox that will block all of the older versions of Java that contain a critical vulnerability that's being actively exploited. The decision to add these vulnerable versions of Java to the browser's blocklist is designed to protect users who may not be aware of the flaw and attacks.

The specific vulnerability in Java that Mozilla is trying to protect users against was patched by Oracle in February, but Java is one of the many browser components and extensions that users sometimes will fail to update for long periods of time. If users don't have the automatic updates enabled for Java, it could be a long time before they remember to update the software and that's a dangerous habit given how much attackers love to exploit Java.

"This vulnerability—present in the older versions of the JDK and JRE—is actively being exploited, and is a potential risk to users. To mitigate this risk, we have added affected versions of the Java plugin for Windows (Version 6 Update 30 and below as well as Version 7 Update 2 and below) to Firefox’s blocklist. A blocklist entry for the Java plugin on OS X may be added at a future date. Mozilla strongly encourages anyone who requires the JDK and JRE to update to the current version as soon as possible on all platforms," Mozilla's Kev Needham said.

Read more: http://threatpost.com/en_us/blogs/mozilla-adds-older-java-versions-firefox-blocklist-040312

Also it's important to be noted that Apple has released a patch that will fix this vulnerability.You can read more over at Sophos blog: http://nakedsecurity.sophos.com/2012/04/04/apple-patches-java-hole-that-was-being-used-to-compromise-mac-users/

 

[jamescv7]

+1 for Mozilla providing the action regarding to Java Vulnerability.

Some cases most of the users have old plugin installed in Firefox and the only way is to disable it, removing the Java console isn't hard thus a linkshows on the steps.