Giveaway: Bracketron Case If outdoor adventures are in your future this summer, enter to win a Bracketron Sport Case with Mount Strap from MacNN and keep that iPhone, iPod or other electronic device safe from the elements.      
toggle

AAPL Stock: 454.74 ( + 1.77 )

http://www.macnn.com/articles/12/04/02/recent.malware.continues.to.evolve/

Flashback.K Trojan exploits unfixed Java vulnerability

updated 05:10 pm EDT, Mon April 2, 2012

 

Recent malware continues to evolve


Yet another new variant of the Flashback Trojan for the Mac has been discovered in the wild, says security firm F-Secure. Called Flashback.K, the new version is said to be dangerous not only because it can infect a Mac without an admin password, but because it relies on a Java vulnerability that has so far gone unfixed in OS X, even though Oracle itself has closed the hole. Apple distributes Mac Java updates on its own timetable.

Previous versions of Flashback have tried to exploit Java, but were easier to defeat because they relied on old vulnerabilities. The malware has in fact evolved multiple times, at one point gaining the ability to circumvent OS X's built-in malware protection.

F-Secure provides an online guide for manually removing the Trojan if necessary. The most recent edition of OS X, Lion, ships without Java by default, but still supports the platform and provides instructions for installing the plugin.


by MacNN Staff

Post tools:

TAGS :

 security, Java, OS X
toggle

Comments

  1. chas_m

    Moderator

    Joined: Aug 2001

    +1

    Short version

    of the instructions from F-Secure: turn off Java in Safari preferences. Chances are you're not using it anyway, so it will have no or little effect.

  1. facebook_James

    Via Facebook

    Joined: Apr 2012

    +2

    Apple no longer distributes JAVA

    JAVA was handed back by Apple to Oracle, JAVA's owner - for its maintenance and updates.

    Third party products like JAVA and Flash greatly increase vulnerability in Mac OS X by creating holes in the operating system.

    Turning off Java in Safari is smart since it is rarely used in Safari.

  1. jreades

    Junior Member

    Joined: Feb 1999

    +2

    Re: Apple no longer...

    Errrr, no.

    It might be nice to blame Oracle for this, but if you'd read the article you'd notice that it says that Oracle has patched the problem. Apple builds and distributes its own Java distribution -- this is why it shows up as a Software Update and if you got to http://support.apple.com/kb/DL1421?viewlocale=en_US&locale=en_US then you will be prompted to download it from Apple's web site and not from Oracle.

    chas_m's advice is much more useful than your opinion on who is to blame. BTW, Java is useful for a whole bunch of things -- I spent most of the morning developing in it (on my iMac).

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Brother HL-3170CDW LED Printer

We've mentioned before that we are far from a paperless society. For now, at least, there are tasks that require a piece of paper for ...

HTC One

It is hard to understate just how critically important the HTC One is to the Taiwanese company’s fortunes. Despite its alarming declin ...

Samsung Galaxy S 4

Samsung's new flagship Android smartphone, the Galaxy S 4, faces even stiffer competition than its popular predecessor. With a five-in ...

toggle

Most Commented