• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Zero Day Java Vulnerability Exploited – Macs Infected With Flashback Malware

April 3, 2012

Views: 1,954

Interesting timing this one, just a couple of days ago we reported – Avira Joins The Crowd & Starts To Offer Mac Antivirus Software – and now an unpatched vulnerability in Java for Mac OS that is being exploited in the wild.

The vulnerability (CVE-2012-0507) was patched in Java by Oracle back in February, but Apple roll their own Java for Mac OS and they haven’t rolled in this fix yet.

Flashback malware seems to be evolving pretty fast, it just shows that security in the Apple world is becoming a serious issue.

A Java vulnerability that hasn’t yet been patched by Apple is being exploited by cybercriminals to infect Mac computers with a new variant of the Flashback malware, according to security researchers from antivirus firm F-Secure.

Flashback is a computer Trojan horse for Mac OS that first appeared in September 2011. The first variant was distributed as a fake Flash Player installer, but the malware has been changed significantly since then, both in terms of functionality and distribution methods.

Back in February, several antivirus companies reported that a new Flashback version was being distributed through Java exploits, which meant that the infection process no longer required user interaction.

The Java vulnerabilities targeted by the February exploits dated back to 2009 and 2011, so users with up-to-date Java installations were protected.

However, that’s no longer the case with the latest variant of the malware, Flashback.K, which is being distributed by exploiting an unpatched Java vulnerability, security researchers from F-Secure said in a blog post Monday.

Oracle released a fix for the targeted vulnerability, which is identified as CVE-2012-0507, back in February and it was included in an update for the Windows version of Java.

People have called Apple out on this before, the lag between official patching of Java and the deployment of the safe version of Java on Mac OS can be months – a dangerous windows of opportunity of malware pimps to spread their wares.

You can disable Java in your browser though, if you’re a Mac user. Or just completely disable it from the OS, details here:

Mac Malware at the Moment

I’m not exactly sure how relevant Java is these days, there is the odd web-site with a Java applet – but it seems pretty rare on the whole.

However, since Apple distributes a self-compiled version of Java for Macs, it ports Oracle’s patches to it according to its own schedule, which can be months behind the one for Java on Windows.

Security experts have long warned that this delay in delivering Java patches on Mac OS could be used by malware writers to their advantage, and the new Flashback.K malware confirms that they were right.

After being dropped and executed on the system via the CVE-2012-0507 exploit, the new Trojan horse prompts a dialog window that asks the user for their administrative password.

Regardless of whether the user inputs the password or not, the malware still infects the system, F-Secure said in its description of the malware. The Trojan’s purpose is to inject itself into the Safari process and modify the contents of certain Web pages.

There are rumors that a new exploit for a different unpatched Java vulnerability is currently being sold on the underground market and could be used to target Mac users in a similar way in the future, the F-Secure researchers said.

“If you haven’t already disabled your Java client, please do so before this thing really become an outbreak,” they said. The antivirus company provides instructions on how to do this.

Apple stopped including Java by default in Mac OS X starting with version 10.7 (Lion). However, if Lion users encounter a Web page that requires Java, they are prompted to download and install the runtime and might later forget that they have it on their computers.

As we all know, Java is not exactly the most secure software on your computer – there have been multiple ’emergency’ patches for critical issues in Java in the last couple of years. It ranks up there with Flash and Adobe Acrobat for being the biggest threats to your machine.

As always – stay safe. Some more details here – Mac Flashback Exploiting Unpatched Java Vulnerability

Source: Network World

Share66
Tweet50
Share14
Buffer
WhatsApp
Email
130 Shares

Filed Under: Apple, Exploits/Vulnerabilities, Malware Tagged With: 0day, java vulnerability, mac trojan, mac-security, mac-virus, zero-day



Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

AgentSmith HIDS - Host Based Intrusion Detection

AgentSmith HIDS – Host Based Intrusion Detection

padre - Padding Oracle Attack Tool

padre – Padding Oracle Attack Exploiter Tool

Privacy Implications of Web 3.0 and Darknets

Privacy Implications of Web 3.0 and Darknets

DataSurgeon - Extract Sensitive Information (PII) From Logs

DataSurgeon – Extract Sensitive Information (PII) From Logs

Pwnagotchi - Maximize Crackable WPA Material For Bettercap

Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap

HardCIDR - Network CIDR and Range Discovery Tool

HardCIDR – Network CIDR and Range Discovery Tool

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (225)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (430)
  • Forensics (64)
  • Hacker Culture (8)
  • Hacking News (228)
  • Hacking Tools (681)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (72)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (218)
  • Secure Coding (118)
  • Security Software (233)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,181,629)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,172,346)
  • Top 15 Security Utilities & Download Hacking Tools (2,095,346)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,198,676)
  • Password List Download Best Word List – Most Common Passwords (931,820)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (774,449)
  • Hack Tools/Exploits (672,586)
  • Wep0ff – Wireless WEP Key Cracker Tool (528,846)

Search

Recent Posts

  • AgentSmith HIDS – Host Based Intrusion Detection August 31, 2023
  • padre – Padding Oracle Attack Exploiter Tool May 28, 2023
  • Privacy Implications of Web 3.0 and Darknets March 31, 2023
  • DataSurgeon – Extract Sensitive Information (PII) From Logs March 21, 2023
  • Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap February 12, 2023
  • HardCIDR – Network CIDR and Range Discovery Tool December 29, 2022

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2023 Darknet All Rights Reserved · Privacy Policy