Apple update rids infections, disables Java

By Dan Kaplan on Apr 16, 2012 7:48 AM
Filed under Security

Combats Flashback.

Apple has released a third Java update related to the outbreak Flashback, but this time, the patch comes with a detection and removal capability for the prolific trojan.

The update, for Mac OS X 10.7 (Lion) and 10.6 (Snow Leopard), will kill the most common strains of the malware, which is capable of stealing data and hijacking search traffic, among other malicious actions, and contaminated at its peak some 650,000 machines, according to experts.

The fix from Apple also disables the automatic execution of Java applets, which are most commonly used by the average user to play games and view certain images on websites. Individuals who want Java to automatically run can adjust their settings by visiting the software's "Preferences" application. But be warned: If the Java add-on detects that the software hasn't run in 35 days, it will again turn off Java, though this capability is only available for Lion users.

Some security experts said they supported that type of functionality, which is important considering many computer users run unneeded and out-of-date third-party software, which is commonly used to exploit their machines.

Mikko Hypponen, chief research officer of anti-malware provider F-Secure, tweeted on  Friday: "I like the idea of Safari disabling the Java plug-in if unused for 35 days. Next, we need to do the same on all browsers. For all plug-ins."

Ian Melven, a senior security engineer at Mozilla, responded in a tweet that he and his team are working on similar features for the Firefox browser.

Meanwhile, on Friday, security firm Symantec said it has discovered a trojan that is taking advantage of the same (now-patched) vulnerability in Java that Flashback used to spread.

Known as "Sabpab," the "very low" risk trojan, when installed on a machine, opens a back door that can enable a remote attacker to create new processes, download files, take screenshots or install additional malware.

This article originally appeared at scmagazineus.com

 
Follow us on Facebook and Twitter
 

Copyright © SC Magazine, US edition

Apple update rids infections, disables Java
Tags
 
 
 
 
 
Top Stories
Telstra opens high-tech flagship store
Reseller shops will need to emulate 'Discovery Store'.
 
Startup gets keys to Fujitsu's Perth data centre
Cloud Lands adds big vendor credibility.
 
Don't let software licensing become a car crash
Reseller get a licence to bill in a cloud world.
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Polls
Is Microsoft right to limit the reseller channel for Surface?

Latest Comments
CRN Magazine

Issue: 331 | September 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.