- 16 April 2012 10:05
Apple pumps out yet another Java update
Apple has delivered - or so it says - on its promise to provide a Flashback malware removal tool.
The new update is packaged in two flavours:
* Java for Mac OS X 10.6 Update 8, documented in HT5243.
* Java for OS X Lion 2012-003, documented in HT5242.
Both updates claim that "this Java security update removes the most common variants of the Flashback malware."
The one for Lion goes a little further:
"This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets."
The updates also include the latest Java version all over again, 1.6.0_31.
If you're using Snow Leopard, disabling Java in your browser won't happen automatically. It looks as though the Java applet autodisabler is Lion-only.
I'd love to tell you more about the Flashback remover supplied by Apple, but I'm afraid I don't know how.
There's no documentation about it; there's no information about how to run it by hand in the future, or how it works, or what variants of the malware it finds; and - at least on my uninfected 10.6 computer - it didn't give any visual indication that it had run at all. (Three words for Apple about security bulletins: promptness, clarity and openness.)
(Update. HT5247 has a bit more story about the removal tool. It's documented to say nothing if it finds nothing. Thanks to François for pointing this out.)
Also, of course, it won't protect you against reinfection, and it won't protect you against any other Mac malware.
So there you have it. Apple's Java distribution and the Flashback malware addressed in one go. Unless you have OS X Leopard (10.5) or earlier. If you do, you're still out of luck - no patches for you.
PS. See how I resisted the urge to mention the free Sophos Anti-Virus for Mac Home Edition, complete with detection, prevention and remediation of Flashback and heaps of other malware, at any point in the above article :-)