Apple releases Java update with 12 security fixes

04 April 2012

Apple has shipped a Java update for Mac operating systems with 12 security fixes, including one that plugs a hole exploited by a recent variant of the Flashback malware.

Specifically, the updates are Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7. Apple cautioned that “visiting a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.”

This is the process that the recent variant of the Flashback malware uses to gain control of machines, noted Intego’s Mac Security blog.

“Java is quickly becoming a new vector of attack for malware, and the Flashback malware has notably used Java in several different ways, taking advantage of known or unpatched vulnerabilities to get through a Mac’s defenses”, the blog warned.

“Java applets are not affected by Mac OS X’s quarantine system. This means that Mac users do not get a warning dialog when Java applets are downloaded as objects in a web page. This also gets around Apple’s Xprotect malware scanning system, which does not scan objects in web pages”, it added.

Sophos researcher Chester Wisniewski criticized Apple for taking six weeks to plug the Java security hole.

“This does make you wonder whether Apple takes security as seriously as it should. Perhaps its public facing image of being invulnerable is the prevailing attitude within the company. Why Apple did not deploy these fixes before Mac users were victimized by criminals is unclear. Fortunately, once it became a problem the company responded quickly”, he wrote in a Naked Security blog.
