Apple has released security patches for Java, which address around 12 separate security flaws after their operating system OS X was found to be vulnerable to Flashback Trojan. Security experts worried about these potential damage from malware. They recommended ditching Java until it had been plugged. While those who were using Microsoft’s Windows Operating System were at highest level of risk initially, the Mac Security blog Intego found a new Flashback variant in wild on beginning of March, created to target especially Apple OS X users.
The new patch is available in the update manager for Mac OS X 10.6 and 10.7 operating systems and is described by Apple as targeting “multiple vulnerabilities that exist in Java 1.6.0_29, the most serious of which may allow a Java applet which is untrusted to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. “
On the basis of further investigations that has done by Sucuri Security located a considerable number of infected websites which uses older releases of WordPress with the "ToolsPack" plug-in installed. On the analysis of these plug-in revealed that it was simply a backdoor which allow hackers to execute any code on a infected website. It is believed that these sites are re-directing the browsers of the Mac OS X users to the webpages that contain the new strain of Flashback malware.
It is good that Apple has finally patched the vulnerabilities that Windows users saw updates for back in February, it's rumored that one critical flaw remains, where the F-Secure says is being actively discussed on underground forums where money is also being exchanged in return for the exploit code.
"It is strongly recommended to update your Java client to the latest version, disable it when not needed, or better yet, remove it completely if you don’t really need it," the F-Secure said in a blog post.
Attacks are rarely as serious in nature on Apple’s OS X platform, but there is no doubt that exploits are increasing as hackers realize the value of targeting their Operating System. More alarmingly, this new malware called the Flashback malware has opened up another potential problem – Apple by all accounts has been very slow to respond to security fixes that Oracle released for their affected software used on Windows back in February.
0 comments:
Post a Comment