Apple releases third patch for Java exploits, plus Flashback removal tool
I, among many other security bloggers, have recently posted articles regarding Java vulnerabilities and patches and how crimeware exploit kits target Java before any other commonly installed software. In fact, I published an article last night, April 12, 2012 about security patches that have been released so far this year, in which I mentioned that Apple had lagged way behind in patching the version of Java used on Mac computers.
Well, it may have taken Apple 2 months to issue "a" patch, but they enjoyed doing that so much that they have now released their third patch in 7 days! Yes Mac owners, you have three critical patches to download and apply, including the latest one issued late yesterday (April 12, 2012).
You see, Apple has a policy of discontinuing support for certain third party software for various reasons. They decided about a year ago to drop support for Adobe Flash. Not too long ago they also decided to drop support for Oracle Java and removed it from the list of applications that are installed or updated by Apple Software Updates.
This decision to stop deploying Java with Apple/Mac updates was a tactical error in my opinion. It was well intentioned, but short-sighted. Java exploits are absolutely the number one infection vector used by perpetrators of the ZeuS Trojan and various botnet installers. Java is cross-platform, and has been described by its original maker Sun Corporation as "write once, run anywhere" technology. Java is not a scripted language, but is deployed as compiled mini-programs, known as Applets, using what are known as .JAR files to distribute these programs and their supporting files.
Run Anywhere includes Mac OS computers, as well as smartphones, tablets, ATMs, on and on. Even though the user base for Mac computers is relatively small, compared to Windows, they have now become targets of Java exploit kits, due to the erroneous attitude of many Mac users that they are immune to malware sneak attacks. This has been proven to be wrong thinking.
Enter the Flashback backdoor botnet installer for Macs
It was not too complicated for the authors of the Flashback backdoor Trojan to update their exploit kit to detect whether the computer being attacked was a Mac. If it is a Mac, the machine is probed to see whether a vulnerable version of Java is installed (whether or not the owner is using Java or is even aware of it), and then whether certain security programs are also installed. If Java is installed, but so are these particular effective anti-malware programs, the Trojan installer bails out and deletes itself, knowing it has no chance of success.
Due to the "viruses don't infect us" attitude of many Mac owners who also had Java installed and were lured to compromised websites, or served malicious advertisements on legitimate websites, over 600,000 of them were infected with the Flashback backdoor, which drafts the computer into the Flashback Botnet. The Trojan also steals login credentials and other personal information from those computers.
Here is how a CNET security blogger described the new Mac Flashback infection routine:
Simply visiting a malicious Web site containing Flashback on an OS X system with Java installed will result in one of two installation routes. The malware will request an administrator password, and if one is supplied, it will install its package of code into the Applications folder. If a password is not offered, the malware will install to the user accounts where it can run in a more global manner. Once installed, the Flashback will inject code into Web browsers and other applications like Skype to harvest passwords and other information from those programs' users.
Apple has finally responded to this threat that has affected so many of its trusting Mac OS X users. The third update, issued on April 12, 2012, includes a removal tool for the Flashback Trojan itself. The previous updates included the latest version of Java, for those computers that had a previous version installed, as well as a code patch that will make it much more difficult for silent infections to occur in user space.
Mac users still need to be aware that malware is targeting them, and even if this one is being dealt with, others are certain to come along, exploiting a yet-to-be-discovered weakness in the operating system. Then, there is always social trickery that fools people into supplying their administrator password for a malware Trojan disguised as some desirable utility program.
Finally, only Macs running OS X Lion, or 10.6 are patched by the Apple Java updates. If your Mac runs on Snow Leopard or earlier, you remain totally vulnerable to the Flashback Trojan if you have Java installed and it is not patched to at least Java 1.6.0_31. Your only protections are to disable Java from running in your browsers, or uninstall it completely from your computer.
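One way to check a machine against the patched level named above (Java 1.6.0_31), as an added example that is not part of the original article: the script parses the version line printed by java -version and compares it field by field. The function names, the result labels and the sample output are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the article): compare a Java version string
# against the patched level the article names, 1.6.0_31.
PATCHED_VERSION="1.6.0_31"

# Constructed sample of `java -version` output, so the script runs offline.
SAMPLE_OUTPUT='java version "1.6.0_29"
Java(TM) SE Runtime Environment (build 1.6.0_29-b11)'

# Pull the quoted version string out of `java -version` output.
extract_java_version() {
    printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1
}

# Print "major minor micro update" for a version like 1.6.0_29;
# fields that are absent count as 0.
version_fields() {
    set -- $(printf '%s' "$1" | tr '._' '  ')
    echo "${1:-0} ${2:-0} ${3:-0} ${4:-0}"
}

# Return 0 if $1 >= $2, 1 if $1 is older, 2 if $1 cannot be parsed.
java_version_at_least() {
    have=${1%%-*}; want=${2%%-*}        # drop build suffixes such as "-b11"
    case "$have" in ''|*[!0-9._]*) return 2 ;; esac
    # Positional parameters become: have1..have4 want1..want4
    set -- $(version_fields "$have") $(version_fields "$want")
    for i in 1 2 3 4; do
        [ "$1" -gt "$5" ] && return 0
        [ "$1" -lt "$5" ] && return 1
        shift                           # keeps $1/$5 aligned on the next field
    done
    return 0                            # all four fields equal
}

# Classify raw `java -version` output as PATCHED, OUTDATED or UNKNOWN.
check_java_output() {
    ver=$(extract_java_version "$1")
    rc=0
    java_version_at_least "$ver" "$PATCHED_VERSION" || rc=$?
    case "$rc" in
        0) echo "PATCHED $ver" ;;
        1) echo "OUTDATED $ver" ;;
        *) echo "UNKNOWN" ;;
    esac
}
```

To test the Java actually installed, pass it the live output: check_java_output "$(java -version 2>&1)" (java -version writes to standard error, hence the redirect).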
There are many anti-virus programs available for Mac computers, including Smart Surfing for Mac from Trend Micro, which detects, blocks and removes Mac viruses and content stealing Trojans.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.