toggle

AAPL Stock: 100.79 ( + 0.26 )

Printed from http://www.macnn.com

Flashback.K Trojan exploits unfixed Java vulnerability

updated 05:10 pm EDT, Mon April 2, 2012

Recent malware continues to evolve

Yet another new variant of the Flashback Trojan for the Mac has been discovered in the wild, says security firm F-Secure. Called Flashback.K, the new version is said to be dangerous not only because it can infect a Mac without an admin password, but because it relies on a Java vulnerability that has so far gone unfixed in OS X, even though Oracle itself has closed the hole. Apple distributes Mac Java updates on its own timetable.

Previous versions of Flashback have tried to exploit Java, but were easier to defeat because they relied on old vulnerabilities. The malware has in fact evolved multiple times, at one point gaining the ability to circumvent OS X's built-in malware protection.

F-Secure provides an online guide for manually removing the Trojan if necessary. The most recent edition of OS X, Lion, ships without Java by default, but still supports the platform and provides instructions for installing the plugin.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. chas_m

    Moderator

    Joined: Dec 1969

    +1

    Short version

    of the instructions from F-Secure: turn off Java in Safari preferences. Chances are you're not using it anyway, so it will have no or little effect.

  1. facebook_James

    Via Facebook

    Joined: Apr 2012

    +2

    Apple no longer distributes JAVA

    JAVA was handed back by Apple to Oracle, JAVA's owner - for its maintenance and updates.

    Third party products like JAVA and Flash greatly increase vulnerability in Mac OS X by creating holes in the operating system.

    Turning off Java in Safari is smart since it is rarely used in Safari.

  1. jreades

    Joined: Dec 1969

    +2

    Re: Apple no longer...

    Errrr, no.

    It might be nice to blame Oracle for this, but if you'd read the article you'd notice that it says that Oracle has patched the problem. Apple builds and distributes its own Java distribution -- this is why it shows up as a Software Update and if you got to http://support.apple.com/kb/DL1421?viewlocale=en_US&locale=en_US then you will be prompted to download it from Apple's web site and not from Oracle.

    chas_m's advice is much more useful than your opinion on who is to blame. BTW, Java is useful for a whole bunch of things -- I spent most of the morning developing in it (on my iMac).

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Life n Soul 8 Driver Bluetooth headphones

When it comes to music on the go, consumers generally have some options to consider when looking for the best experience. While Blueto ...

Pure Jongo T2 wireless speaker

Multi-room audio compatibility is a key metric for wireless sound systems these days. The entry cost into a house-spanning system can ...

Logitech Z213 multimedia speakers

Desktop computer speakers sit in a weird area of limbo: many consumers have forgone the era of desktop listening for the privacy and v ...

toggle

Most Commented