Apple released a software update last night for Java which removes the most common variants of the Flashback malware.
The update, Java for OS X Lion 2012-003, configures the Java web plug-in to disable the automatic execution of Java applets, according to an Apple statement. Apple said that users may re-enable automatic execution of Java applets using the Java Preferences application, and that if the Java web plug-in detects that no applets have been run for an extended period of time, it will again disable Java applets. A corresponding update was released as Java for Mac OS X 10.6 Update 8.
Wolfgang Kandek, CTO of Qualys, said that the releases were "quite innovative" because the new edition doesn't fix any vulnerabilities, but instead addresses two of the problems in the current Java-on-Mac landscape.
He said: "It erases the known variants of the Flashback Trojan and it automatically disables Java when it has not been used for the last 35 days. Users need to then re-enable it manually (in Java Preferences) when they need it.
"This is exciting and to my knowledge nobody has done something like this before. It makes total sense to me: we have been telling users to disable or uninstall Java if they don't need it, but we all know very well that only very security conscious users will do that. Giving the duty of monitoring Java use to the PC itself is a good idea and it'll be interesting to see how user acceptance turns out."
Paul Ducklin, head of technology for Sophos Asia Pacific, was critical of the lack of documentation from Apple concerning the patch and which variants of the malware it finds, and said that it gives no visual indication that it had run at all.
He said: "Also obviously, it won't protect you against reinfection, and it won't protect you against the other Mac malware. So there you have it. Apple's Java distribution and the Flashback malware addressed in a single go. Unless you have OS X Leopard (10.5) or earlier. If you do, you are still out of luck: no patches for you."
Mac security firm Intego said that Java is fast becoming a new vector of attack for malware, and Flashback has notably used Java in several different ways, taking advantage of known or unpatched vulnerabilities to get through a Mac's defences.
"Java applets aren't affected by Mac OS X's quarantine system. This means that Mac users don't get a warning dialog when Java applets are downloaded as objects in a web page. This also gets around Apple's XProtect malware scanning system, which doesn't scan objects in websites," it said.
Apple previously released a patch for Java at the beginning of April to close a dozen holes in Java 1.6.0_29.