16 April 2012 09:35
Apple security team touches down on Planet Earth!
Apple's top-level starting page for security updates, the well-thumbed KB article HT1222, still contains its traditional blunt dismissal:
"For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available."
But someone in Apple has broken ranks following the recent revelations of a Jolly Big OS X botnet, featuring a Java exploit (Exp/20120507-A) and the now-much-talked-about OSX/FlshPlyr-D malware.
In KB article HT5244, Apple has - apparently for the very first time! - talked about a security problem before it had all its threat response ducks in a row:
"Apple is developing software that will detect and remove the Flashback malware."
Incidentally, some Apple apologists are still keen for us to exonerate Apple and lump the blame on Oracle.
Arik Hesseldahl, over at AllThingsD, for example, headlined one of his reports on this outbreak with: "What’s This? A Mac Virus? No, Actually It’s a Weakness in Java."
Actually, Arik, it's both. (If you allow me the word virus to mean malware in general, which is how most of the world uses it today.)
It's an exploitable vulnerability in Java, and it's a piece, or rather a family, of Mac malware.
Arik even goes on to explain that the malware "targets a vulnerability in software that is not even an Apple product: Java." Unfortunately, if you have Java on OS X then it pretty much is an Apple product.
Java is part of OS X 10.6 and earlier; it's an official Apple add-on for 10.7. So you can't apply Oracle's updates. Oracle may be the manufacturer, but Apple's the vendor, and you have to wait for Apple's fix.
Sadly, in this case, Exp/20120507-A was still, technically speaking, a zero-day exploit on OS X some six weeks after it was patched for other operating systems.
Bad luck, this time, for Mac users, but perhaps good news in the long term.
If nothing else, Apple's security team has touched down on Planet Earth. Apple seems to have decided that sharing information early - even if it's only to say, "We haven't quite finished our technical responses yet, but here's what to do in the meantime" - is better for everyone.
Better for you, for me, and for Apple!
* Patching Java doesn't, on its own, prevent you getting infected by this or any other malware. It makes it much less likely that this outbreak will affect your Mac, but it closes only one of many possible doors of entry for malicious code.
* HT5244 says that "for Macs running Mac OS X v10.5 or earlier, you can better protect yourself from this malware by disabling Java in your web browser(s) preferences." Actually, there isn't any other way to close the Java hole. Apple hasn't provided a patch for users of 10.5 or earlier, and isn't saying if it will ever do so.
* Patching Java doesn't mean you aren't already infected. So if you're not sure, you can wait for Apple's Flashback-fixer software to come out, or you can use a product which already detects and cleans it. (Sophos Anti-Virus for Mac Home Edition will do the trick.)
PS. For those of you inclined to let rip in the comments that I'm only discussing Mac malware, and talking up the risks, because we happen to have a free product to "sell" you, please consider an alternative explanation. Perhaps the reason we have a free product to "sell" is because we think there is a genuine risk?