Tuesday, April 17, 2012

Mac Users need to update Java AGAIN

If you're running an Apple Mac with OS X 10.6 or later, you need to make sure your software is up-to-date, as Apple has updated Java again.  Sorry, OS X 10.5 and earlier users, you're out of luck, and it doesn't look like Apple is ever going to patch these older versions.  Users of older Macs should uninstall or disable Java ASAP as there is an unpatched vulnerability that makes you subject to drive-by infection.

AFAICT Apple has abandoned users of Tiger and Leopard (v10.5).  Apple expects users to pay to upgrade at least to OS X 10.6 (Snow Leopard) or 10.7 (Lion).  If your computer won't run one of those, too bad, so sad, please give Apple more money for a newer Mac (or switch to Linux, which is free).  BUT see the last item below for more info on what you can do if you're using an old Mac.

Third Apple Java update rids infections and turns off Java - SC Magazine
Apple has released a third Java update related to the outbreak Flashback, but this time, the patch comes with a detection and removal capability for the prolific trojan.
ISC Diary | Flashback Trojan Removal Tool Released
Published: 2012-04-14
Earlier in the week Apple released a Java update which included software to remove the Flashback Trojan from OS X Lion machines running Java.

The Flashback Trojan removal tool is now also available for OS X Lion machines not running Java. This Flashback malware removal tool is available through the OS X Software Update tool, or from Apple's downloads site at http://www.apple.com/support/downloads/.
About the security content of Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8
This document describes the security content of Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.
About the security content of Flashback malware removal tool
Available for: OS X v10.7 or later without Java installed

I just came across this interesting note -- and if I were a home user, I would certainly be using OpenDNS instead of Comcast's DNS or Qwest's DNS:

OpenDNS´s Allison Rhodes reports that OpenDNS ... is blocking the Flashback Trojan. People not yet using OpenDNS need only to set up the service on their wireless router, computer or device to secure their computers and devices from the attack.

... Even for those people who find their machine has already been infected by Flashback, Rhodes maintains, enabling OpenDNS will prevent the malware from connecting to its command and control and causing your machine any damage.

To set up the OpenDNS free service, you need simply create an account, choose your router or computer and follow the step-by-step instructions. Note that setting up OpenDNS on your router will protect all devices connecting to the Internet through your WiFi network, and Windows users should use OpenDNS, too.

For more information, visit http://blog.opendns.com/

Seen here: Free mini-apps to check your Mac for Flashback malware infection AppleTell.

No comments: