Apple Java update removes Flashback malware

Posted:
in macOS edited January 2014


Apple on Thursday released a software update to remove Flashback, the most notorious Mac trojan to date, which reportedly affected some 600,000 Macs worldwide.



According to Apple, the Java security update removes the "most common variants" of the Flashback malware and offers further protection from future iterations by configuring the web plug-in to disable the automatic execution of Java applets.



From the release notes:

Quote:

This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.



This update is recommended for all Mac users with Java installed.

The Flashback trojan created a botnet of more than 600,000 Macs around the world and tracked web browsing information, user IDs and passwords. By exploiting a Java security hole, the malicious software was able to install itself automatically on a user's computer after they visited an offending website. Flashback was first discovered last year and evolved into the self-installing version seen today.



The download, which supersedes recent Java patches, is available via Software Update and comes in at 66.8MB.




Comments

  • Reply 1 of 32
    adamw Posts: 114 guest
    I was initially infected by this Flashback trojan on my Mac, and even the manual removal instructions did not get all of the trojan's files, which still tried to send info out over the Internet, but thanks to the Little Snitch app for finding these rogue infected files. I have installed this Java update with no problems. I hope I never see this trojan again on my Mac!
  • Reply 2 of 32
    cinder6 Posts: 38 member
    Quote:
    Originally Posted by adamw View Post


    I was initially infected by this Flashback trojan on my Mac, and even the manual removal instructions did not get all of the trojan's files, which still tried to send info out over the Internet, but thanks to the Little Snitch app for finding these rogue infected files. I have installed this Java update with no problems. I hope I never see this trojan again on my Mac!



    Interesting...it was my understanding that, according to F-Secure, Flashback wouldn't install itself if you had Little Snitch (or a host of other programs). Am I reading this wrong?



    http://www.f-secure.com/v-descs/troj...shback_i.shtml



    Regardless, I ran the update and have done the discovery steps of the manual removal process, and found nothing.
  • Reply 3 of 32
    mstone Posts: 11,510 member
    I know everyone wants to blame Java for this vulnerability and they should, however, allowing an application to auto install by visiting a website? Give me a break. That is something that neither the browser nor the OS should allow. Why they let a browser plugin write anything to disk other than a cookie or an html5 db, I do not know.
  • Reply 4 of 32
    Quote:
    Originally Posted by adamw View Post


    I was initially infected by this Flashback trojan on my Mac, and even the manual removal instructions did not get all of the trojan's files, which still tried to send info out over the Internet, but thanks to the Little Snitch app for finding these rogue infected files. I have installed this Java update with no problems. I hope I never see this trojan again on my Mac!



    It will be interesting to see if Apple can find a way to prevent future threats without resorting to using an active or passive virus/trojan scanner. Locking down the execution of applications to signed apps is one step. Not sure how that will apply to Flash or Java applications started from the browser or malicious code somehow run within the browser.
  • Reply 5 of 32
    Quote:
    Originally Posted by mstone View Post


    I know everyone wants to blame Java for this vulnerability and they should, however, allowing an application to auto install by visiting a website? Give me a break. That is something that neither the browser nor the OS should allow. Why they let a browser plugin write anything to disk other than a cookie or an html5 db, I do not know.



    Yeah, there should be multi-layer protection here. Java should restrict apps, the OS should sandbox Java, and Safari should not be executing Java apps/applets without specific user approval.
  • Reply 6 of 32
    adamw Posts: 114 guest
    Quote:
    Originally Posted by Cinder6 View Post


    Interesting...it was my understanding that, according to F-Secure, Flashback wouldn't install itself if you had Little Snitch (or a host of other programs). Am I reading this wrong?



    I was infected via the Java vulnerability. I used the manual Flashback trojan removal instructions, was reported as infected, and uninstalled the files F-Secure recommended. Re-ran the instructions twice and came up clean. Later, someone recommended I try Little Snitch and I installed, and immediately found 2 infected program files trying to send data out to suspicious web sites. Googled the file names and found other Mac users had these same files with the trojan also, so I manually removed these 2 files. Have run Little Snitch ever since and have had no more trojan activity reported.



    Also, Apple's Java update and trojan removal tool that was released today did not report the trojan on my Mac, although several other people saw a trojan detected error message like this upon installing the update from Apple today:



    https://www.facebook.com/photo.php?f...type=1&theater
  • Reply 7 of 32
    drblank Posts: 3,385 member
    They say to also deactivate Java, does that include clicking off both Java and Java Script from Safari Preferences or just Java?
  • Reply 8 of 32
    cpsro Posts: 3,192 member
    Quote:
    Originally Posted by AppleInsider View Post


    Apple on Thursday released a software update to remove Flashback



    For sure this time!
  • Reply 9 of 32
    quine Posts: 15 member
    Quote:
    Originally Posted by drblank View Post


    They say to also deactivate Java, does that include clicking off both Java and Java Script from Safari Preferences or just Java?



    Despite their name similarity, Java and JavaScript are not related in any way really. JavaScript was named that because of marketing reasons, which to this day confuses most users because it seems absurd that two things with such clearly related names have no relation.



    To answer your question, just Java.
  • Reply 10 of 32
    jragosta Posts: 10,473 member
    I'm skeptical of the whole thing. The original claim was that there were 600,000 infected Macs. Early today (before Apple had released a fix), the claim was that there were 230,000 to 270,000 infected Macs.



    So did 60% of the Macs heal themselves? I think it's extremely unlikely that 60% of infected Mac users went through the trouble of fixing the problem manually. Far more likely that the numbers are wrong.
  • Reply 11 of 32
    ascii Posts: 5,936 member
    Ha - their solution is to turn off Java by default.



    This is realistic though. HTML/JavaScript/CSS are a lot more powerful than they used to be, so Applets shouldn't be required as much these days. And if you really do need local filesystem access, then write an app and put it in the App Store. If you can write Java you can write ObjC.
  • Reply 12 of 32
    pb Posts: 4,255 member
    Quote:
    Originally Posted by jragosta View Post


    I'm skeptical of the whole thing. The original claim was that there were 600,000 infected Macs. Early today (before Apple had released a fix), the claim was that there were 230,000 to 270,000 infected Macs.



    So did 60% of the Macs heal themselves? I think it's extremely unlikely that 60% of infected Mac users went through the trouble of fixing the problem manually. Far more likely that the numbers are wrong.



    Likely, but we don't know and we never will. As I said in the other discussion, I got a false alarm from the online tool of Kaspersky (I know that I am not infected since I disabled Java years ago and the scan tools show me clean). So the whole affair of counting the number of infected Macs looks at least suspicious.
  • Reply 13 of 32
    robin huber Posts: 3,949 member
    I have tried Software Update several times and all I get is some Camera Raw update. I am running Lion. I am also in the Cupertino time zone. Are they rolling it out and we're the last to get it?
  • Reply 14 of 32
    robin huber Posts: 3,949 member
    Just ran it again--nothing. Is it possible that Updater checks first, and only offers the update if you need it?
  • Reply 15 of 32
    Time to dig a grave for Java -- good riddance, along with Flash!



  • Reply 16 of 32
    Not nearly good enough. Others, with far fewer resources beat them. Apple need a pro-active security team and a dedicated Mac OS security app. After all, there's an app for absobloodylutely everything else on the App Store. The larger the Mac market share the more visible Apple needs to be with efforts to protect its users and the consequences resulting from their customers using Apple computers. MS are well ahead with MSE and the package is amongst the best available for Windows.



    Apple have clearly acquired far more money than sense.



    Few more blunders like this and AAPL will be 50% down from where it is now. All this insularity is SJ's fault and has become a cancerous disease at Apple.
  • Reply 17 of 32
    Quote:
    Originally Posted by Robin Huber View Post


    Just ran it again--nothing. Is it possible that Updater checks first, and only offers the update if you need it?



    I never use Java and always rely on Click to Flash. Still, it appeared on Software update for me even after terminal commands had shown none of my Macs compromised.
  • Reply 18 of 32
    hill60 Posts: 6,992 member
    I am among the 99% of Mac users not affected...



    ...at all...



    ...period.
  • Reply 19 of 32
    quadra 610 Posts: 6,757 member
    Quote:
    Originally Posted by Bloodshotrollin'red View Post


    Not nearly good enough. Others, with far fewer resources beat them. Apple need a pro-active security team and a dedicated Mac OS security app. After all, there's an app for absobloodylutely everything else on the App Store. The larger the Mac market share the more visible Apple needs to be with efforts to protect its users and the consequences resulting from their customers using Apple computers. MS are well ahead with MSE and the package is amongst the best available for Windows.



    Apple have clearly acquired far more money than sense.



    Few more blunders like this and AAPL will be 50% down from where it is now. All this insularity is SJ's fault and has become a cancerous disease at Apple.



    Delusional fear-mongering.



    It's a trojan. We get a new one every 2 years or so.



    The vast majority of users aren't affected. Still no tsunami of malware that was always predicted by the frustrated and envious.



    MS *needs* to be ahead of everyone else because they foisted technological swiss cheese on hapless users for years, resulting in what, over 100,000 pieces of malware for Windows? That might even be a conservative figure.



    MS needs to be ahead because they screwed everyone. They're responsible for lord only knows how much data loss over a period of what, 20 or more years? Apple's current approach is perfectly in line with the threat level to Macs, which despite market share increases is still the same as it was 4-5 years ago.



    Please stop posting misinformation. Even if it is just your opinion, make sure it's informed, rather than sensationalized.
  • Reply 20 of 32
    quadra 610 Posts: 6,757 member
    Quote:
    Originally Posted by jragosta View Post


    I'm skeptical of the whole thing. The original claim was that there were 600,000 infected Macs. Early today (before Apple had released a fix), the claim was that there were 230,000 to 270,000 infected Macs.



    So did 60% of the Macs heal themselves? I think it's extremely unlikely that 60% of infected Mac users went through the trouble of fixing the problem manually. Far more likely that the numbers are wrong.



    Media-frenzy + FUD by Apple competitors and haters (which is often responsible for the media frenzy.) The latter doesn't have what it takes to compete, and their user-base ends up with perennial Apple-envy.



    Here's an idea for Apple's competitors: make products that don't suck ass and which consumers will want to buy, and buy more of.