Mac Flashback Trojan: If you use Java the time to patch your Mac is now
If you are a Mac user and you have Java installed on your Mac, then right now would be a good time to run Software Update… from the Apple menu to make sure you have installed the latest Java for Mac OS X update. Installing this update will help protect your Mac from a malicious software attack being referred to in the media as Mac Flashback Trojan. News of the Mac Flashback Trojan attack has been spreading rapidly and with good reason; this software exploits Java to seriously compromise sensitive data such as usernames and passwords. (Note: Even though users of ESET Cybersecurity for Mac are already protected against this latest version of OSX/Flashback, as well as previous versions, we still recommend that you perform this update right away.)
We will be posting more details of this threat as they emerge but for now the main thing to know is that a patch is available and you should perform the update. In fact, I just ran Software Update on my own Mac and here's what it looks like if you have not yet installed the update.
As you can see, I am still running Mac OS X 10.6. The update is also available for Lion. Although Lion does not come with Java insatalled, you may have installed Java on your Lion machine in order to run certain applications (or it might be left over if you upgraded to Lion from a previous version of Mac OS X).
The update addresses a number of known vulnerabilities in Java (CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507). There is more information about the security issues addressed by this update in Apple Knowledge Base article HT5228. which states:
"Multiple vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user."
Regular readers of this blog will know that malware exploiting Java vulnerabilities is not a new problem for Mac OS X or any other platform for that matter. Only last week we took an in-depth look at a targeted malware attack that exploited a Java vulnerability and carried a Mac OS X payload. That Java vulnerability had been patched by Apple some time ago. By installing this latest update right now you will help close the window of vulnerability being exploited by the Mac Flashback Trojan.