Flashback Mac OS X malware exploiting (old) Java security holes

Flashback Mac OS X malware exploiting (old) Java security holes

Summary: If a Mac OS X user visits a web page, and their Java is not up to date, the malware infection will occur without their intervention.


A new variant of the Flashback trojan is now exploiting a security hole in Java to silently infect Mac OS X machines, according to a warning from Intego.

While previous versions of Flashback presented users with an installer, Intego is reporting that a new version is now exploiting a pair of old (and already patched) Java vulnerabilities to plant malware on Mac OS X systems.

[ SEE: Ten little things to secure your online presence ]

"If a user visits a web page, and their Java is not up to date, the installation will occur without their intervention," Intego said in an advisory.

"If their Java is up to date, they will only see the certificate alert (image above): they will never be asked for a password, and won’t have to launch any other software to allow the installation to take place," the company added.

Topics: Open Source, Apple, Hardware, Malware, Operating Systems, Security, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Flashback.G reminds me a bit of Windows malware ...

    ... such as the Zeus (or Zbot) trojan that is capable of doing its dirty work in limited and standard user accounts.

    According to Integro (see the link in the ZDNet article), Flashback.G creates files in the /Users/Shared and the user's home directories. All Mac OS X accounts, including the default, standard user and managed user accounts, have write access to the /Users/Shared directory.

    Now, someone please correct me if I'm wrong, but the only setup that would appear capable of stopping this infection, minus running some 3rd party security program such as Integro's VirusBarrier X6, would be a managed user account where an Administrator has configured Parental Controls to allow only specific applications to run. This *should* prevent the nasty from executing and is basically running one's Mac in application whitelisting mode.

    [Note: similar is true for Zeus in Windows XP-Pro/Vista/7 running as a limited or standard user with application whitelisting enabled using Parental Controls or Software Restriction Policy (gpedit.msc).]

    The problem with malware scanning software, either packaged with the OS or 3rd party, is that it is reactive and the malware miscreants are usually a step or two ahead of the signature databases. On Windows, Zeus variants are well-known for their ability to bypass AV software.

    Final question: On Mac Lion, assuming that Java has been installed, doesn't Apple's default sandboxing of Safari stop this exploit?
    Rabid Howler Monkey
  • For PPC also?

    I wonder if my old PPC G4 at home is subject to this, or is it just that none of the script-kiddies know what big-endian means?