Contact Us Today! (215) 853-2266

Bardissi Enterprises Blog

Bardissi Enterprises has been serving the Hatfield area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Update OS X Java to Avoid Spreading Mac Malware by Corey Nachreiner

Summary:
  • This vulnerability affects: OS X 10.7.x (Lion) and 10.6.x (Snow Leopard)
  • How an attacker exploits it: By enticing you to a website containing maliciously crafted Java
  • Impact: In the worst case, an attacker executes code on your user’s computer, with that user’s privileges
  • What to do: Install Java for OS X Lion 2012-001 or Java for OS X 10.6 Update 7 immediately, or let Apple’s updater do it for you.
Summary:
  • This vulnerability affects: OS X 10.7.x (Lion) and 10.6.x (Snow Leopard)
  • How an attacker exploits it: By enticing you to a website containing maliciously crafted Java
  • Impact: In the worst case, an attacker executes code on your user’s computer, with that user’s privileges
  • What to do: Install Java for OS X Lion 2012-001 or Java for OS X 10.6 Update 7 immediately, or let Apple’s updater do it for you.
Exposure:
Yesterday, Apple released an advisory describing a Java security update for OS X 10.6.x and 10.7.x. The update fixes 12 vulnerabilities in OS X’s Java components (number based on CVE-IDs).

Apple doesn’t describe each flaw in technical detail, but they do share the worst case impact. If an attacker can lure you to a website containing specially crafted Java code, he can exploit many of these vulnerabilities to execute code on your OS X computer, with your privileges.

This Apple update finally brings the Java updates Oracle released in February to OS X users. Unfortunately, attackers have already been exploiting one of these Java vulnerabilities against Mac users in the wild. A Mac trojan called Flashback has reportedly infected over 600,000 Macs, by leveraging one of these Java flaws (as well as a Flash vulnerability in the past). If you have any Mac computers in your organization, we highly recommend you install Apple’s OS X Java update immediately. You can also find instructions for checking your Mac for the Flashback malware here.

Solution Path:
Apple has issued Java for OS X Lion 2012-001 [dmg file] and Java for OS X 10.6 Update 7 [dmg file] to correct these flaws. If you manage OS X 10.6.x or 10.7.x computers, we recommend you download and deploy these updates immediately, or let OS X’s automatic Software Update utility install it for you.

For All WatchGuard Users:
Some of these attacks rely on one of your users visiting a web page containing malicious Java bytecode. The HTTP-Proxy policy that ships with most WatchGuard appliances automatically blocks Java bytecode by default, which somewhat mitigates the risk posed by some of these vulnerabilities.

Status:
Apple has released Java updates to fix these issues.

References:
  • Apple’s OS X March Java advisory
  • Apple software downloads
  • Apple security updates
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Saturday, 21 December 2024
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Blog Archive

Recent Comments

Tip of the Week: Which Headphones are Right for Your Needs?
23 April 2018
I will recommend Plantronics Backbeat Pro 2 SE Noise cancelling Headset with it's Great features.
Gamification: Make Business Fun for Everyone
27 January 2017
The world is based on the games. There are many types of games as per the aussie essay writing servi...
Let's Talk Tablets
12 January 2017
The concept of tablet is far better than that of PC because you can bring them with you everywhere a...
Tip of the Week: Tweak Your Workday in These 4 Ways and See Major Results
12 January 2017
The only thing will I will say regarding this blog is that it is very helpful at least for me. As I ...
WatchGuard Releases Version 10.2.7 for WSM, Edge, Fireware, and Fireware Pro
23 December 2016
I really needed to know about the fireware but i was confused that where can i find information abou...