{"id":3278,"date":"2012-04-03T13:36:53","date_gmt":"2012-04-03T12:36:53","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3278"},"modified":"2015-09-09T19:36:59","modified_gmt":"2015-09-09T11:36:59","slug":"zero-day-java-vulnerability-exploited-macs-infected-with-flashback-malware","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2012\/04\/zero-day-java-vulnerability-exploited-macs-infected-with-flashback-malware\/","title":{"rendered":"Zero Day Java Vulnerability Exploited – Macs Infected With Flashback Malware"},"content":{"rendered":"

Interesting timing this one, just a couple of days ago we reported – Avira Joins The Crowd & Starts To Offer Mac Antivirus Software<\/a> – and now an unpatched vulnerability in Java for Mac OS that is being exploited in the wild.<\/p>\n

The vulnerability (CVE-2012-0507) was patched in Java by Oracle back in February, but Apple<\/a> roll their own Java for Mac OS and they haven’t rolled in this fix yet.<\/p>\n

Flashback malware<\/a> seems to be evolving pretty fast, it just shows that security in the Apple world is becoming a serious issue.<\/p>\n

A Java vulnerability that hasn’t yet been patched by Apple is being exploited by cybercriminals to infect Mac computers with a new variant of the Flashback malware, according to security researchers from antivirus firm F-Secure.<\/p>\n

Flashback is a computer Trojan horse for Mac OS that first appeared in September 2011. The first variant was distributed as a fake Flash Player installer, but the malware has been changed significantly since then, both in terms of functionality and distribution methods.<\/p>\n

Back in February, several antivirus companies reported that a new Flashback version was being distributed through Java exploits, which meant that the infection process no longer required user interaction.<\/p>\n

The Java vulnerabilities targeted by the February exploits dated back to 2009 and 2011, so users with up-to-date Java installations were protected.<\/p>\n

However, that’s no longer the case with the latest variant of the malware, Flashback.K, which is being distributed by exploiting an unpatched Java vulnerability, security researchers from F-Secure said in a blog post Monday.<\/p>\n

Oracle released a fix for the targeted vulnerability, which is identified as CVE-2012-0507, back in February and it was included in an update for the Windows version of Java.<\/p><\/blockquote>\n

People have called Apple<\/a> out on this before, the lag between official patching of Java and the deployment of the safe version of Java on Mac OS can be months – a dangerous windows of opportunity of malware pimps to spread their wares.<\/p>\n

You can disable Java in your browser though, if you’re a Mac user. Or just completely disable it from the OS, details here:<\/p>\n

Mac Malware at the Moment<\/a><\/p>\n

I’m not exactly sure how relevant Java is these days, there is the odd web-site with a Java applet – but it seems pretty rare on the whole.<\/p>\n