New Java trojan and old MS Word vulnerabilities need patching

According to fresh warnings by security vendor Intego, another trojan is exploiting a Java vulnerability to attack Macs that haven't been patched with Apple's Java for OS X Lion 2012-002 and Java for Mac OS X 10.6 Update 7, released earlier this month. Meanwhile, the security analysts warned that many copies of older versions of MS Word haven't been patched and are being infected.

Intego warned of SabPab, which can exploit the same Java vulnerability as the Flashback trojan.

SabPab is a backdoor that seeks to connect to remote command and control servers, presumably to harvest information on infected Macs. This malware installs in the user’s /Library/LaunchAgents folder, so no administrator password is needed. It places its code in the user’s /Library/Preferences folder (the com.apple.PubSabAgent.pfile).
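A check for the two locations described above, added here as an example and not taken from the article or from Intego. It reads "the user's /Library" as the per-user Library folder; the function names and the sample agent file name are assumptions, and because the launch agent's file name is not given, every plist in the folder is searched for a reference to the payload.

```shell
#!/bin/sh
# File name as given in the article.
SABPAB_NAME="com.apple.PubSabAgent.pfile"

# check_sabpab HOME_DIR
# Prints one line per finding; returns 1 if anything was found, else 0.
check_sabpab() {
    home_dir="$1"
    found=0

    # 1. Payload dropped in the user's Library/Preferences folder.
    payload="$home_dir/Library/Preferences/$SABPAB_NAME"
    if [ -e "$payload" ]; then
        echo "payload: $payload"
        found=1
    fi

    # 2. Per-user launch agents that reference the payload. The agent's own
    #    file name is not in the article, so every plist is searched.
    #    grep -a reads raw bytes, which also covers binary plists because
    #    they store ASCII strings unencoded.
    for plist in "$home_dir/Library/LaunchAgents"/*.plist; do
        [ -f "$plist" ] || continue
        if grep -aqF "$SABPAB_NAME" "$plist"; then
            echo "launch agent: $plist"
            found=1
        fi
    done
    return "$found"
}

# make_sample_home DIR: constructed test data, not a real sample.
make_sample_home() {
    mkdir -p "$1/Library/Preferences" "$1/Library/LaunchAgents"
    : > "$1/Library/Preferences/$SABPAB_NAME"
    # Hypothetical agent name and minimal plist body.
    cat > "$1/Library/LaunchAgents/example.agent.plist" <<EOF
<plist><dict><key>ProgramArguments</key>
<array><string>$1/Library/Preferences/$SABPAB_NAME</string></array></dict></plist>
EOF
}

# Stand-alone use: sh check_sabpab.sh "$HOME"
if [ "$#" -gt 0 ]; then
    check_sabpab "$1" && echo "no SabPab artifacts found in $1"
fi
```

A launch agent finding without the payload file still matters: it means something registered the payload to run at login even if the file itself has since been removed.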

As I mentioned in a previous post, users of older machines running pre-Snow Leopard OSes can disable Java in their web browser (in Safari it’s a Security preference), or turn it off altogether using the Java Preferences application, which can be found in the Utilities folder in Applications.

The Word vulnerability was patched by Microsoft several years ago; however, many Mac users haven't bothered to install the patches or have turned off the automated Microsoft updates installer. According to Intego, MS Word 2004 and 2008 are vulnerable, but Word 2011 is not. In addition, the older .DOC format is vulnerable, not the .DOCX format.

New variants of the SabPab backdoor that we recently wrote about have been found using Word documents to deliver the same payload as the first variant. This variant uses the same technique to install files on Macs as the Tibet.C malware that we discussed in March.

These two types of malware use Word documents in an interesting way. Each file has three parts: the first part is the exploit that takes advantage of a Word vulnerability. The second part is the malware that is then installed on Macs. And the third part is an actual Word document that displays when a user double-clicks the file.

About

David Morgenstern has covered the Mac market and other technology segments for 20 years. In the recent past, he founded Ziff-Davis' Storage Supersite, served as news editor for Ziff Davis Internet and held several executive editorial positions at eWEEK. In the 1990s, David was editor of Ziff Davis' award-winning MacWEEK news publication a...
