Unpatched Java bug infects Macs with Flashback malware
The Flashback.K variant is distributed via exploits for a known Java vulnerability that Apple has yet to patch
IDG News Service - A Java vulnerability that hasn't yet been patched by Apple is being exploited by cybercriminals to infect Mac computers with a new variant of the Flashback malware, according to security researchers from antivirus firm F-Secure.
Flashback is a computer Trojan horse for Mac OS that first appeared in September 2011. The first variant was distributed as a fake Flash Player installer, but the malware has been changed significantly since then, both in terms of functionality and distribution methods.
Back in February, several antivirus companies reported that a new Flashback version was being distributed through Java exploits, which meant that the infection process no longer required user interaction.
The Java vulnerabilities targeted by the February exploits dated back to 2009 and 2011, so users with up-to-date Java installations were protected.
However, that's no longer the case with the latest variant of the malware, Flashback.K, which is being distributed by exploiting an unpatched Java vulnerability, security researchers from F-Secure said in a blog post Monday.
Oracle released a fix for the targeted vulnerability, which is identified as CVE-2012-0507, back in February and it was included in an update for the Windows version of Java.
However, since Apple distributes a self-compiled version of Java for Macs, it ports Oracle's patches to it according to its own schedule, which can be months behind the one for Java on Windows.
Security experts have long warned that this delay in delivering Java patches on Mac OS could be used by malware writers to their advantage, and the new Flashback.K malware confirms that they were right.
After being dropped and executed on the system via the CVE-2012-0507 exploit, the new Trojan horse prompts a dialog window that asks the user for their administrative password.
Regardless of whether the user inputs the password or not, the malware still infects the system, F-Secure said in its description of the malware. The Trojan's purpose is to inject itself into the Safari process and modify the contents of certain Web pages.
There are rumors that a new exploit for a different unpatched Java vulnerability is currently being sold on the underground market and could be used to target Mac users in a similar way in the future, the F-Secure researchers said.
"If you haven't already disabled your Java client, please do so before this thing really become an outbreak," they said. The antivirus company provides instructions on how to do this.
Apple stopped including Java by default in Mac OS X starting with version 10.7 (Lion). However, if Lion users encounter a Web page that requires Java, they are prompted to download and install the runtime and might later forget that they have it on their computers.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Why You Need a Next-Generation Firewall This white paper explores the reasons for implementing next-generation (NG) firewalls and lays out a path to success for overburdened IT organizations.
- Infographic: Converged Infrastructure Benefits This Infographic quantifies the savings organizations are realizing from increased deployment speed, higher availability, and lower annual costs.
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
Enhance Your Virtualization Infrastructure With IBM and Vmware
Date: Wednesday, May 14, 2014, 1:00 PM EDT
Virtualization technology is now expanding beyond the server compute elements to encompass networking and storage...
Transforming Finance, Procurement and Supply Chain Effectiveness with Cross-Functional Analytics
Date: May 6th, 2014
Time: 1 PM EDT
Attend this Webcast to find out how Oracle's packaged analytic applications enable line-of-business managers to examine all...
All Malware and Vulnerabilities White Papers |