Apple Releases Java Update to Remove Flashback Malware

[Riemann Zeta]

So, Apple released a Java VM update that disables Java. And then re-disables it if the user actually wants to use it. I thought the Java JRE 6_31 build closed the security hole, so why would Apple need to lock down Java?

 

[AidenShaw]

Usually the phrase you're quoting is proceeded by "the first thing you should do on any new installation is to turn off Windows Firewall. It doesn't do anything, and just bothers you all the time".

In other words, remove the blade guards and still blame Windows if you chop off your fingers?

 

[Negritude]

So, Apple released a Java VM update that disables Java. And then re-disables it if the user actually wants to use it. I thought the Java JRE 6_31 build closed the security hole, so why would Apple need to lock down Java?

Common sense. If you don't use any Java apps for over a month, it's unlikely you're going to need to use them at all, so disabling it after that period makes perfect sense. This reduces the possibility that a future Java trojan of a different kind can attack unsuspecting users. If you're using Java regularly, this won't be a problem.

 

[carlgo]

Ran that Russian site test, found no malware.

When I got the Apple software update message, the Adobe Reader update popped up behind it. I selected "remind me later" and it disappeared like it should, but the Apple update failed due to possible corruption, according to the window.

The second attempt did not activate the Adobe message and was successful. It found and deleted the malware. Yikes.

Now I can get Google sites like maps, etc, something that used to bring up that Error 303 message and only worked with Firefox.

Maybe that Adobe update was a last ditch effort to squirm in? Very suspicious.

Anyone else experience this pattern?

 

[Negritude]

I heard that Apple stopped producing their own versions of java? is that true?

They're not producing any new versions of Java, but they're still maintaining the existing version of Java.

When Mountain Lion drops, the OpenJDK project will take over and provide Java for OS X.

 

[SilverOnemi]

I'm stuck at "waiting for other installations to complete"

 

[C DM]

Ran that Russian site test, found no malware.

When I got the Apple software update message, the Adobe Reader update popped up behind it. I selected "remind me later" and it disappeared like it should, but the Apple update failed due to possible corruption, according to the window.

The second attempt did not activate the Adobe message and was successful. It found and deleted the malware. Yikes.

Now I can get Google sites like maps, etc, something that used to bring up that Error 303 message and only worked with Firefox.

Maybe that Adobe update was a last ditch effort to squirm in? Very suspicious.

Anyone else experience this pattern?

While it might have been related, there in fact was a security update for Adobe Reader a couple of days ago, and that prompt to notify you of it and install it might have just coincided with the Apple update check. Here's the Adobe Reader update info: http://www.esecurityplanet.com/patches/adobe-releases-security-updates-for-reader-acrobat.html.

 

[drspringfield]

Ran that Russian site test, found no malware.

When I got the Apple software update message, the Adobe Reader update popped up behind it. I selected "remind me later" and it disappeared like it should, but the Apple update failed due to possible corruption, according to the window.

The second attempt did not activate the Adobe message and was successful. It found and deleted the malware. Yikes.

Now I can get Google sites like maps, etc, something that used to bring up that Error 303 message and only worked with Firefox.

Maybe that Adobe update was a last ditch effort to squirm in? Very suspicious.

Anyone else experience this pattern?

That was pure coincidence. Glad you hear you have a clean system now!

(The malware's MO was to inject into Google)

 

[Actual Size]

Installed the update and it removed the malware from my computer. Thanks Apple!

 

[iKrl]

I had the malware, did that cause Safari to close every 30 minutes? 😕

 

[drspringfield]

I had the malware, did that cause Safari to close every 30 minutes? 😕

Yes, most likely.

 

[gotluck]

I bet there are far more users of this type than you'd think. Not every mac user is an 'enthusiast.'

Haha, I cant resist! - I know, enthusiasts build their own PC's!

 

[kiljoy616]

Well that was short lived, if only ms 😀windows was this simple... 😀

 

[coder12]

This guy?

https://forums.macrumors.com/posts/13699396/

Nope, although he does have a lot of good links in that post! When I have time I'll need to read the info he posted.

Before making statements like this, perhaps you should look at the current release of Windows.

Very few ports are open by default.

You're right; I was hoping to find the link to the article on my statement that describes it all in detail, but you're still correct 🙂

 

[derbothaus]

Who didn't get the warning that you had it and were cleaned? My Mac was completely clean (so I thought) and had full updated scan ran after Update 7 had all Java turned off as well. So either Apple's installer is placebo and too self congratulatory or most info on the flashback was BS and definitions were not updated till yesterday with all major AV vendors failing? Find it hard and scary to believe.

 

[BIS2]

not showing up for me

This still doesn't come up for me in software update......can I download it from apple directly?

 

[cvaldes]

Yes, typically Apple takes several hours to post the standalone installer at their support website (support.apple.com).

In any case, here is the page with the link...

http://support.apple.com/kb/DL1515

 

[faroZ06]

I got this trojan through the Java vulnerability. It infected my Mac Pro. I was not aware of it until I read the news stories about it last week. I removed it, and found parts of it had infected two other files on my Mac. Thanks to Little Snitch that was recommended to me after I was infected, which found these variants still "lurking."

I am glad to have gotten rid of it... I will install this update just to be sure it is all gone.

Where did you get the trojan from?

----------

Haha, I cant resist! - I know, enthusiasts build their own PC's!

I considered that, but it ended up being more expensive than buying a PC pre-built. Some CPUs cost more alone than they do inside of a Dell!

 

[BIS2]

Yes, typically Apple takes several hours to post the standalone installer at their support website (support.apple.com).

In any case, here is the page with the link...

http://support.apple.com/kb/DL1515

That one goes to an update from 4/3......I'll look in the morning though. Thanks.

 

[Morod]

Do you have Java installed? Have you looked in the /Applications/Utilities folder?

Thanks, found it there. I've had Java disabled in Safari for a long time now, but never knew where Java prefs were.

 

[ixodes]

Well that was short lived, if only ms 😀windows was this simple... 😀

It is, at least for those of us who are not haters 🙂

It's just a computer. No more, no less.

 

[GGJstudios]

That's irrelevant. It's part of a botnet, which means an update could be spread to all infected macs to grant it that ability to kill processes.

It's not irrelevant. If it's removed, it's no longer part of the botnet. There is no way for any "update" to reinstall the malware once it's removed.

 

[tonyl]

Me too, strange.

I also got this pop up, even after having checked via Terminal if I had been infected as various blogs suggested. Terminal showed nothing.

 

[John.B]

Java for Mac OS X 10.6 Update 8

FYI, on my mini with Snow Leopard I just checked Software Update which has Java for Mac OS X 10.6 Update 8, for those who haven't updated to Lion yet.

I decided to just remove Java entirely, instead.

 

[drspringfield]

Me too, strange.

Unfortunately, the common instructions became obsolete several days ago (clearly the intention of the authors).