- 16 April 2012 10:05
Apple pumps out yet another Java update
Apple has delivered - or so it says - on its promise to provide a Flashback malware removal tool.
The new update is packaged in two flavours:
* Java for Mac OS X 10.6 Update 8, documented in HT5243.
* Java for OS X Lion 2012-003, documented in HT5242.
Both updates claim that "this Java security update removes the most common variants of the Flashback malware. "
The one for Lion goes a little further:
This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.
The updates also include the latest Java version all over again, 1.6.0_31.
If you're using Snow Leopard, disabling Java in your browser won't happen automatically. It looks as though the Java applet autodisabler is Lion-only.
I'd love to tell you more about the Flashback remover supplied by Apple, but I'm afraid I don't know how.
There's no documentation about it; there's no information about how to run it by hand in the future, or how it works, or what variants of the malware it finds; and - at least on my uninfected 10.6 computer - it didn't give any visual indication that it had run at all. (Three words for Apple about security bulletins: promptness, clarity and openness.)
(Update. HT5247 has a bit more story about the removal tool. It's documented to say nothing if it finds nothing. Thanks to François for pointing this out.)
Also, of course, it won't protect you against reinfection, and it won't protect you against any other Mac malware.
So there you have it. Apple's Java distribution and the Flashback malware addressed in one go. Unless you have OS X Leopard (10.5) or earlier. If you do, you're still out of luck - no patches for you.
PS. See how I resisted the urge to mention the free Sophos Anti-Virus for Mac Home Edition, complete with detection, prevention and remediation of Flashback and heaps of other malware, at any point in the above article :-)
This whitepaper is the second in a three-part series on distributed denial of service attacks (DDoS) and multi-tier DDoS protection. This section details the design and capabilities of different forms of protection architecture designed for a variety of circumstances, while also providing alternative approaches. The paper also explains how to maintain availability, including network and application defense and DNS DDoS Mitigation.
- FTCampaign Managers | RTB | Display + Video | Trading desk |SydneyNSW
- FTBrand Relationship Manager | RTB Trading Desk | Digital Advertising | SydneyNSW
- FTOBIEE BI/DW ConsultantNSW
- FTMicrosoft Business Intelligence ConsultantNSW
- FTContent StrategistNSW
- FTIT Support EngineerNSW
- FTMicrosoft Business Intelligence DeveloperNSW
- FTDeliverability SpecialistNSW
Valuable data can be a needle in a haystack, but by leveraging the value in existing information assets, organisations can generate real and achievable gains in revenue generation, IT investments and productivity gains. This whitepaper discusses how Information Management (IM) is a multi-faceted discipline that can be employed to meet or exceed your business objectives.
- Google invites Glass wearers to brave LA's beaches
- Telerik frees HTML5 collection of components
- Space X rocket en route to ISS with space laser cargo
- AMD steers clear of low-cost tablet market
- Experts: Avoid big mistakes with Oracle's Exadata
- Steve Jobs' character becomes issue in Silicon Valley no-hiring case
- FCC vote on incentive auction plan could further open broadband competition
- Google tech to bring 3D mapping smarts to NASA's space station robots
- Plastic computers taking shape, but won't replace silicon
- Apple has bigger plans than just song ID with Shazam deal
- Satellite communication systems rife with security flaws, vulnerable to remote hacks
- Americans cool with lab-grown organs, but not designer babies
- IE6: Retired but not dead yet
- Twitter to promote app downloads in mobile timelines
- Can you hear me now? NASA to test laser communication system