Friday, April 6, 2012

Apple releases a SECOND OS X patch in a week; more patches on Tuesday

If you are running Apple Mac computers with OS X, you need to patch your system software.  There is a world-wide botnet of OS X computers that have been infected through an unpatched vulnerability in Apple's version of Java.  The earlier patch fixed Java.  We don't yet know what the second patch fixes, although there are reports it's an update to the first patch.  Read the linked pages below for more info.

Second source confirms: 1 in 100 Macs are infected by Flashback | ZDNet

April 6, 2012, 3:10pm PDT

Summary: A second source has now confirmed previously reported research: at least 600,000 Macs worldwide are infected with the Flashback malware downloader. That’s a staggering number, representing about 1% of the installed base of Macs. So what’s next?

Two independent sources have now confirmed that at least 600,000 Macs worldwide have been infected with the malware downloader called Flashback.

That number is not just an estimate. It’s a count of unique hardware IDs reporting in to a command-and-control server.

Apple releases another update to quell Flashback spread - SC Magazine

Apple released a second security update on Friday in its continuing battle against the Flashback trojan, which already has infected nearly 650,000 Macs worldwide.

The computing giant may have found a glitch in its first update for Java, which contained a vulnerability that enabled the spread of Flashback. That forced Apple to follow up with a second patch, which is only for Mac OS X 10.7 (Lion), according to a blog post from security firm Intego.

ISC Diary | Another OS X Java Patch
Published: 2012-04-06, Last Updated: 2012-04-06 16:33:36 UTC

Only a couple days after releasing the critically late Java patch (2012-001), Apple released another Java update. At this point, Apple's site doesn't mention what this new patch fixes, or why it was released. But eventually, you may see details at http://support.apple.com/kb/HT1222 . Too bad that Apple isn't getting its security house in order. It appears that OS X has reached a level of market penetration that would require a company with a meaningful security response capability behind it.

Just a couple of additional pointers for OS X security:

- Sophos is making a free Antivirus product for OS X. I have been running it for a few months now without bad side effects. http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx

Just so Windows users don't feel left out, they should get ready for a busy week next week. Reports are that a critical security hole in IE is being patched. And next Tuesday is also Adobe's "Patch Tuesday"; Adobe has announced that critical patches for Adobe Reader and Adobe Acrobat 9 and 10 will be released then.

ISC Diary | Microsoft April Patch Tuesday Pre-Announcement (6 Patches)
http://technet.microsoft.com/en-us/security/bulletin/ms12-apr

Adobe - Security Advisories: APSB12-08 - Prenotification Security Advisory for Adobe Reader and Acrobat
Adobe is planning to release security updates for Adobe Reader X (10.1.2) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for Linux, and Adobe Acrobat X (10.1.2) and earlier versions for Windows and Macintosh on Tuesday, April 10, 2012.
