Serious Mac flaw needs urgent fix.Macs infected with the Flashback Trojan.

[johnbeth]

Apple releases patch as 500,000 Macs infected with the Flashback Trojan.
Apple has released an urgent patch that will fix a security hole in its Mac operating system that has allowed some 30,000 Mac computers in Australia and more than 500,000 worldwide to be infected with malicious software (malware).

The critical update to Apple's version of Java for Mac OS X plugs at least a dozen security holes in the program and mends a flaw that attackers have recently pounced on to broadly deploy a malicious software program, known as Flashback Trojan, both on Microsoft's Windows and Apple's Mac operating systems.

Flashback Trojan's most recent variant (it has been around since 2011) self installs after users visit legitimate websites that have been infected to distribute the program - a process known as drive-by download. Once installed, the malware sniffs data traffic from the computer in search for user names and passwords.

The update, Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7, sews up an extremely serious security vulnerability (CVE-2012-0507) that miscreants recently rolled into automated exploit kits designed to deploy malware to Windows users. But in the past few days, information has surfaced to suggest that the same flaw has been used with great success by the Flashback Trojan to infect large numbers of Mac computers with malware.

The revelations come from Russian security firm Dr.Web, which reports that the Flashback Trojan has successfully infected more than 550,000 Macs (hat tip to Adrian Sanabria who wrote on his blog "(...) many Mac users have been lured into a false sense of security, and will be, or may already be, in for a rude awakening. Apple's marketing efforts are at least partially responsible for this."). Dr.Web's post is available in its Google translated version here.

Flashback is an increasingly sophisticated malware strain that sniffs network traffic in search of user names and passwords. Early versions of it prompted Mac users to enter their password before it would run, but the most recent strains will happily infect vulnerable Mac systems without requiring a password, writes Ars Technica, among others. F-Secure has additional useful information on this Trojan attack here.
As Ars notes, although Apple stopped bundling Java by default in OS X 10.7 (Lion), it offers instructions for downloading and installing the Oracle-developed software framework when users access webpages that use it. If you need Java on your Mac only for a specific application (such as OpenOffice), you can unplug it from the browser by disabling its plugin. In Safari, this can be done by clicking Preferences, and then the Security tab (uncheck "Enable Java"). In Google Chrome, open Preferences, and then type "Java" in the search box. Scroll down to the Plug-ins section, and click the link that says "Disable individual plug-ins." If you have Java installed, you should see a "disable" link underneath its listing. In Mozilla Firefox for Mac, click Tools, Add-ons, and disable the Java plugin(s).

Delete Java
I can't stress this point strongly enough: If you don't need Java, remove it from your system, whether you are a Mac or Windows user. If you need further convincing of my reasons for this recommendation, I'd encourage you to browse through some of my past Java-related posts.
Apple maintains its own version of Java, and as with this release, it has typically fallen unacceptably far behind Oracle in patching critical flaws in this heavily-targeted and cross-platform application. In 2009, I examined Apple's patch delays on Java and found that the company patched Java flaws on average about six months after official releases were made available by then-Java maintainer Sun. The current custodian of Java – Oracle Corp. – first issued an update to plug this flaw and others back on February 17. I suppose Apple's performance on this front has improved, but its lackadaisical (and often plain puzzling) response to patching dangerous security holes perpetuates the harmful myth that Mac users don't need to be concerned about malware attacks

[77T]

Thanks installing patch - Java for OS X 2012-001

Too many Java enabled web Apps to drop it entirely.

See http://support.apple.com/kb/HT5055 for more details about this update.

See http://support.apple.com/kb/HT1222 for information about the security content of this update.

[InTime]

doesnt yahoo mail need java

[bayerische]

Running software updater now.

[Bobble]

Thanks for that, I just ran software update and it just downloaded a Jave update

[HL65]

Just ran it John--thanks!!

[KKB]

Thanks for the heads-up. I don't do software updates very often. Will update my Macs today.

[1675-David]

uppdated, thanks for the heads up

[joleel7]

Thanks for the information

[robertneville]

you might want to make sure you don't have it.

http://www.f-secure.com/v-descs/troj...shback_i.shtml

[johnbeth]

Excellent everyone for updating their macs.. Patches are important especially if you are a pc user like myself.

[FNFZ4]

Great news!!!

[tattooedfagin]

had no update here in the UK, just searched my Mac for Java & only had VM or Preferences but both when selected said to open i needed 'runtime' installed so i'm guessing i'm ok ?

[daveathall]

Apple have released a further java update.

http://www.macrumors.com/2012/04/06/...a-in-two-days/

Just installed using "software update"

[Lol-x]

Just download and install the update (for free) and you will be fine.

[tranny]

Hellboy re: Macs: "industrable my ass"

[johnbeth]

Quote:

Originally Posted by transio

Hellboy re: Macs: "industrable my ass"

[ReMember]

Quote:

Originally Posted by transio

Hellboy re: Macs: "industrable my ass"

What is industrable??

[MoBe]

Quote:

Originally Posted by ReMember

What is industrable??

It`s a Mac with a speach impediment. (caused by a virus)

[tranny]

Quote:

Originally Posted by ReMember

What is industrable??

In-des-truct-i-ble. It means it cannot be destroyed.

http://lmgtfy.com/?q=%22industrable+my+ass%22

[Bangel]

Thanks for the heads up. I'm new on the Mac bandwagon, still learning the ropes and found this very helpful.

[HYDROMAROC]

Ha Ha... Welcome to the crap that PC have had to deal with for years....

[daveathall]

New software update.

Quote:

Apple just released Java for OS X 2012-003, an update to the Java implementation in OS X. The update removes "the most common variants of the Flashback malware." Interestingly the update disables Java for users who haven't used it recently and disables the automatic execution of Java applets.

[subtona]

Quote:

Originally Posted by HYDROMAROC

Ha Ha... Welcome to the crap that PC have had to deal with for years....

been a mac user since day one, the little gray box... also fully aware of the shortcomings of pc since day 1.

it would be nice if pc didn't suffer as bad as they did, but at least there was a better choice ... you could have joined anytime, you chose not to?.

[Kevin B]

Am I the only one that thinks this thread is in regards to a problem with a McDonalds menue item every time I glance at it?