Printed from http://www.electronista.com

Apple cures Flashback malware with third OS X Java update

updated 05:10 pm EDT, Thu April 12, 2012

Java for OS X 2012-003 update pulls Flashback

Apple fulfilled promises of a cure for a rare Mac exploit on Thursday evening by posting another key Java update. Java for OS X 2012-003 for Lion owners, and Java for Mac OS X 10.6 Update 8, both actively remove the "most common variants" of Flashback. Loading the update automatically scans for Flashback and, if it's found, lets the user know that it was pulled.

On Lion only, the update will disable the Java browser and Java Web Start if they haven't been used in 35 days. Users can always reenable them, but the code now won't run by default, preventing users from auto-infecting themselves with any Java-related exploits.

Flashback was the first real large-scale Mac malware instance. Although specific to Java and not the Mac, 98 percent of the infections were Macs, owing in part to a slower patch response. Apple has been making up for lost time by first patching against the exploit and the new removal tool, but it contrasts with Microsoft's semi-rigid "patch Tuesday" practice, where it often fixes any security bugs on a regular monthly interval and often has fixes for surprise attacks within a few days. For Microsoft, however, the faster update cycle came only after a series of major malware outbreaks and having to heavily rework Windows security.

Flashback itself was rendered inert fairly quickly by directing any successful exploits to safe servers.



By Electronista Staff
toggle

Comments

    Comment buried. Show
  1. Arne_Saknussemm

    Forum Regular

    Joined: Apr 2011

    -12

    Nah - Macs do not get malware... Ha!

    your comment

  1. Flying Meat

    Dedicated MacNNer

    Joined: Jan 2007

    +1

    Microsoft's schedule

    "Microsoft's semi-rigid "patch Tuesday" practice, where it often fixes any security bugs on a regular monthly interval and often has fixes for surprise attacks within a few days."

    Unfortunately, the "Patch Tuesday" model as the normal cycle for Microsoft has resulted in nothing getting applied except ON patch tuesday when the entire IT industry checks, gets approval for, and releases those patches.

  1. testudo

    Forum Regular

    Joined: Aug 2001

    -3

    The apple way

    On Lion only, the update will disable the Java browser and Java Web Start if they haven't been used in 35 days. Users can always reenable them, but the code now won't run by default, preventing users from auto-infecting themselves with any Java-related exploits.

    Yep, that's apple. "Hey, you haven't used it recently, so we're going to just disable it. Easier that way then to fix the problem." Also goes along well with their whole "We don't like it, we'd prefer you not use it" philosophy.

  1. testudo

    Forum Regular

    Joined: Aug 2001

    -1

    Re: Microsoft's schedule

    Unfortunately, the "Patch Tuesday" model as the normal cycle for Microsoft has resulted in nothing getting applied except ON patch tuesday when the entire IT industry checks, gets approval for, and releases those patches.

    That's not true. Standard security holes are patched regularly, and pushed out on a schedule (you know, for stuff that hasn't been broken yet). This was preferred by most people as you weren't constantly being harrassed by security fixes that are important but not yet seen to be a threat (you know, this is exactly what apple does with their patches, except MS follows a schedule, whereas Apple just releases it whenever they feel like it).

    As for zero-day exploits and the like, those are pushed out as soon as they are available. They aren't held until Tuesday or the next month.

    Oh, and IT departments don't check and release those patches immediately upon them being posted. Large ones will test the patches first to make sure their systems don't break. You know, like how the last OS X security patch was released and broke Rosetta.

  1. testudo

    Forum Regular

    Joined: Aug 2001

    -1

    Re: Microsoft's schedule

    Oh, and the other joyous part of Microsoft's patches is that they generally release the patches separately, not as one big 'fix'. That way if one of the patches breaks an app or peripheral, you can still install the others while waiting to get a fix.

    AND, even better, if you realize at some point that a patch broke an installation, you can almost always uninstall it! I know, who would want to do that when you can just Archive and Install the OS again. But, you know IT people. Lazy, lazy, lazy.

  1. WiseWeasel

    Junior Member

    Joined: Apr 1999

    +2

    10.5

    So I guess 10.5 users are SOL. Fortunately the Java plugin for web browsers is utterly useless nowadays, and no one would notice its absence. So, 10.5 uses can go to /Library/Internet Plug-Ins/ in the root directory of their hard drive, and toss anything with "Java" in the name into the trash. Do the same for "Real Video" and "Shockwave" while you're at it, as no one uses those anymore either. Once done, your Mac will no longer be vulnerable to this Jave exploit (or forthcoming Real Video and Shockave exploits).

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Sound Blaster Roar Bluetooth speaker

There could very well be a new king of the hill for Bluetooth speakers, with Sound Blaster's recent entry into the marketplace. Bringi ...

Kenu Airframe Plus

Simple, stylish and effective, the Kenu Airframe + portable car mount is the latest addition to Kenu's lineup. Released earlier this y ...

Plantronics Rig Surround 7.1 headset

Trying to capture the true soundscape of video games can be a daunting task. Looking to surround-sound home theater options, users hav ...

Sponsor

toggle

Most Commented

 
toggle

Popular News