New Java trojan and old MS Word vulnerabilities need patching
Summary: According to fresh warnings by security vendor Intego, another Java vulnerability is attacking Macs that haven't been patched with Apple's Java for OS X Lion 2012-002 and Java for Mac OS X 10.6 Update 7, released earlier this month. Meanwhile, the security analysts warned that many copies of older versions of MS Word haven't been patched and are being infected.
Intego warned of SabPab, which can exploit the same Java vulnerability as the Flashback trojan.
SabPab is a backdoor that seeks to connect to remote command and control servers, presumably to harvest information on infected Macs. This malware installs in the user’s /Library/LaunchAgents folder, so no administrator password is needed. It places its code in the user’s /Library/Preferences folder (the com.apple.PubSabAgent.pfile).
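As an added example (not Intego's or the article's code), a Python audit of a user's LaunchAgents directory that looks for the persistence pattern just described: an agent whose program is the reported .pfile, or any executable kept under ~/Library/Preferences. The `com.example.*` labels and the temporary fake home in `demo()` are constructed for the demonstration.

```python
import plistlib
import tempfile
from pathlib import Path

# Indicators from the article: the backdoor persists via a plist in the user's
# ~/Library/LaunchAgents (no admin password needed) and stores its code in
# ~/Library/Preferences/com.apple.PubSabAgent.pfile.
SUSPECT_FILE = "com.apple.PubSabAgent.pfile"
USER_PREFS = Path.home() / "Library" / "Preferences"

def program_paths(agent):
    """Executable paths a parsed LaunchAgent plist would run (Program, argv[0])."""
    args = agent.get("ProgramArguments") or []
    return [str(p) for p in (agent.get("Program"), *args[:1]) if p]

def is_suspicious(agent, prefs_dir=USER_PREFS):
    """Flag an agent that runs the reported .pfile, or any program kept under
    ~/Library/Preferences, which holds settings rather than executables."""
    prefs_dir = Path(prefs_dir)
    for p in program_paths(agent):
        path = Path(p).expanduser()
        if path.name == SUSPECT_FILE or path.parent == prefs_dir:
            return True
    return False

def scan_launch_agents(agents_dir, prefs_dir=USER_PREFS):
    """Return [(plist name, program path)] for every suspicious agent in agents_dir."""
    findings = []
    for plist in sorted(Path(agents_dir).glob("*.plist")):
        try:
            agent = plistlib.loads(plist.read_bytes())
        except Exception:  # launchd would reject it too, but it still deserves a look
            findings.append((plist.name, "<unparseable plist>"))
            continue
        if is_suspicious(agent, prefs_dir):
            findings.append((plist.name, program_paths(agent)[0]))
    return findings

def demo():
    """Scan two constructed plists (not real samples) in a temporary fake home."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        agents = home / "Library" / "LaunchAgents"
        agents.mkdir(parents=True)
        benign = {"Label": "com.example.sync", "ProgramArguments": ["/usr/bin/true"]}
        dropped = {"Label": "com.example.dropped", "RunAtLoad": True,
                   "ProgramArguments": [str(home / "Library" / "Preferences" / SUSPECT_FILE)]}
        (agents / "com.example.sync.plist").write_bytes(plistlib.dumps(benign))
        (agents / "com.example.dropped.plist").write_bytes(plistlib.dumps(dropped))
        return scan_launch_agents(agents, home / "Library" / "Preferences")
```

On a real machine, call `scan_launch_agents(Path.home() / "Library" / "LaunchAgents")`; an empty list means no agent matched these two indicators, not that the machine is clean.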
As I mentioned in a previous post, users of older machines running pre-Snow Leopard OSes can disable Java in the web browser (in Safari it's a Security preference), or turn it off altogether using the Java Preferences application, which can be found in the Utilities folder in Applications.
The Word vulnerability was patched by Microsoft several years ago; however, many Mac users haven't bothered to install the patches or have turned off the automated Microsoft updates installer. According to Intego, MS Word 2004 and 2008 are vulnerable, but Word 2011 is not. In addition, the older .DOC format is vulnerable, not the .DOCX format.
New variants of the SabPab backdoor that we recently wrote about have been found using Word documents to deliver the same payload as the first variant. This variant uses the same technique to install files on Macs as the Tibet.C malware that we discussed in March.
These two types of malware use Word documents in an interesting way. Each file has three parts: the first part is the exploit that takes advantage of a Word vulnerability. The second part is the malware that is then installed on Macs. And the third part is an actual Word document that displays when a user double-clicks the file.
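An added example (not from the article or Intego) that inventories Word files by their container bytes rather than their extension: the vulnerable legacy .DOC format is an OLE2 compound file, while .DOCX is a zip carrying a [Content_Types].xml part, so the extension alone does not tell you which format a file is in. The files written by `demo()` are constructed headers, not real documents.

```python
import tempfile
import zipfile
from pathlib import Path

# Container signatures: legacy .DOC is an OLE2 compound file, .DOCX is an OOXML zip.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
ZIP_MAGIC = b"PK\x03\x04"

def word_container(path):
    """Classify a file by its bytes: 'doc', 'docx', or None (not a Word container)."""
    path = Path(path)
    with path.open("rb") as fh:
        head = fh.read(8)
    if head == OLE2_MAGIC:
        return "doc"
    if head[:4] == ZIP_MAGIC and zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            if "[Content_Types].xml" in zf.namelist():
                return "docx"
    return None

def find_legacy_docs(root):
    """Walk root and return [(relative path, extension)] for every file that is
    really an OLE2 .DOC, whatever its name claims."""
    root = Path(root)
    hits = []
    for p in sorted(root.rglob("*")):
        if p.is_file() and word_container(p) == "doc":
            hits.append((str(p.relative_to(root)), p.suffix.lower()))
    return hits

def demo():
    """Run the inventory over three constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "report.doc").write_bytes(OLE2_MAGIC + b"\x00" * 504)
        # legacy bytes under a .docx name: still the vulnerable container
        (root / "renamed.docx").write_bytes(OLE2_MAGIC + b"\x00" * 504)
        with zipfile.ZipFile(root / "memo.docx", "w") as zf:
            zf.writestr("[Content_Types].xml", "<Types/>")
        return find_legacy_docs(root)
```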
Talkback
Keep up to date, people . . .
Indeed, this goes for any OS: If you stay up to date, the chances of getting any type of malware are slim.
Even on Windows PCs, it's generally the case that the vast majority of infections are on unpatched machines.
So keep up to date, always.
Only problem with this line of thought...
If you're using a PPC Mac and need Java, you're kinda... well... screwed.
Which means...
You know . . .
Thankfully, it's a temporary situation, but at that rate I can afford a $300 netbook in a little over a year.
How old is that PPC again?
PubSubAgent.pfile or PubSabAgent.pfile?
Is this a new .pfile addition or did you mean "com.apple.PubSubAgent.pfile" ???
This must be a mistake
We were told by the Apple community that you always needed a password to install programs. No matter how many times the ignorant Apple community was informed that admin passwords are only required if the installer requires admin privileges, they told us that no, this wasn't true. As long as you didn't enter your admin password, no programs could be installed on the computer.
Clearly they were wrong. Clearly they should have listened to people who are much smarter than they are.
Keep in mind folks that "bypassing" the need for the admin password is [b]by design[/b], this isn't some vulnerability that Apple can patch. Yes, there is a vulnerability that allowed the malware to be downloaded and installed without the user requesting it but the exploit itself didn't have to take advantage of any vulnerability to bypass the admin password.
The only way to stay safe, OS X users, is to be paranoid. Do not open emails, do not surf the web, do not even look at the filename of a Word document. You have to be scared to use your computer. Enjoy.
I find it amusing
First it was "security by obscurity" (which was a myth) to "There is NO malware for Macs" (even [i]after[/i] Apple released an antimalware solution and has kept it updated since) followed by "Macs don't get viruses" (true enough but a misdirection) and then it's "Ed Bott keeps blowing this out of proportion" (no, not really) to "You NEED an administrator password to run" (which has since also been proven false)... so what's the NEXT excuse going to be before you guys wake up and realize there IS an issue?
And here's a question of board etiquette for you people who love to flag posts or vote posts down and move on - why not man up, grow a pair of cojones, and say why you flagged it/voted it down?
Men of straw
Care to post citations where people made these comments.
1) Security by obscurity is a statistical argument that can be proved false in both the forward and reverse direction with simple math. I have done so repeatedly on other threads.
2) Please provide a citation for where people here claimed there was no OSX malware. In fact, the fact that there IS (but that its rate of introduction has remained essentially unchanged) only helps to bolster the proof in #1, above.
3) There are no Mac viruses, as stated.
4) Please provide a citation to where this was stated as a general rule, rather than a specific response to a specific instance, where that specific instance was not the case.
He isn't being downvoted for telling the truth...
Just sayin'...
Care to provide citations to where this claim was made?
Care to use Google?
@belli_bettens
Or to even read? Google has nothing to do with this. This is about posters to THIS forum, making THESE comments. Duh.
An analogy.
What's the matter with people? I ALWAYS install updates the moment they are
The Java update problem
When did Oracle give Java patches to Apple
So, tell us, do you know on what date Oracle provided patched Java code to Apple to release to their customers?
You don't know? Yet, you claim it was Apple who caused the delay.
turn off java
If you decide to turn it on, then turn it back off after you're through with the service.
Apple made this sort of automatic in the last Java patches
I don't think Apple has patented this method, so Microsoft and others might well just borrow it ;)
So, the upshot of all this is.....
Hmmmm....there ought to be a law (against stupidity or irresponsibility) that all OS makers [b] MUST [/b] default their systems to automatic updates (including nagging if not) and if the OS is not updated within a short time period, then it shuts down so other users are not targeted. Sorry folks but security and safety need to be enforced on the web. Should be Web Police (shades of Tom Clancy).
A bit late to the party...