- 16 April 2012 10:05
Apple pumps out yet another Java update
Apple has delivered - or so it says - on its promise to provide a Flashback malware removal tool.
The new update is packaged in two flavours:
* Java for Mac OS X 10.6 Update 8, documented in HT5243.
* Java for OS X Lion 2012-003, documented in HT5242.
Both updates claim that "this Java security update removes the most common variants of the Flashback malware. "
The one for Lion goes a little further:
This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.
The updates also include the latest Java version all over again, 1.6.0_31.
If you're using Snow Leopard, disabling Java in your browser won't happen automatically. It looks as though the Java applet autodisabler is Lion-only.
I'd love to tell you more about the Flashback remover supplied by Apple, but I'm afraid I don't know how.
There's no documentation about it; there's no information about how to run it by hand in the future, or how it works, or what variants of the malware it finds; and - at least on my uninfected 10.6 computer - it didn't give any visual indication that it had run at all. (Three words for Apple about security bulletins: promptness, clarity and openness.)
(Update. HT5247 has a bit more story about the removal tool. It's documented to say nothing if it finds nothing. Thanks to François for pointing this out.)
Also, of course, it won't protect you against reinfection, and it won't protect you against any other Mac malware.
So there you have it. Apple's Java distribution and the Flashback malware addressed in one go. Unless you have OS X Leopard (10.5) or earlier. If you do, you're still out of luck - no patches for you.
PS. See how I resisted the urge to mention the free Sophos Anti-Virus for Mac Home Edition, complete with detection, prevention and remediation of Flashback and heaps of other malware, at any point in the above article :-)
When Canadian food distributor George Weston Limited moved to Microsoft Office 365, it chose F5 Application Delivery Controllers to centrally manage user traffic to its Active Directory Federation Services (ADFS) servers.
This whitepaper describes how to gain flexible, end-to-end management of the ever-changing mobile workforce landscape with suitable Enterprise Mobility Management (EMM). • Employing best practices can set you on the right course for addressing current needs and planning for the future • Change is the only constant in the mobile workforce landscape with multiple new models per year, frequent OS updates and new vendors emerging • Employees are resistant to corporate security policies and corporate control if it impedes their productivity or personal privacy
- Sony looking for ways to distribute 'The Interview' online
- Sony hack was 'cyber vandalism,' not act of war, says Obama
- US rejects North Korea offer to investigate Sony hack, reaches out to China
- North Korea wants joint probe into Sony hack, warns of consequences if not
- Staples says hack may have compromised 1 million-plus payment cards
- Judge questions evidence on whether NSA spying is too broad
- Twitter parody of North Korea's mouthpiece not afraid to crow over Sony's capitulation
- Three ways enterprise software is changing
- Google may launch Android Auto, making your car a big mobile device
- After FBI blames North Korea for Sony attack, now what?
- T-Mobile to pay $90M for unauthorized charges on customers' bills
- Buckle up IT: The enterprise needs you for cloud adoption
- Companies battle for control of Italy's national fiber network
- Obama promises response on Sony hack, says pulling movie was mistake
- Microsoft hits Windows tech support scammers with lawsuit