So, Apple released a Java VM update that disables Java. And then re-disables it if the user actually wants to use it. I thought the Java JRE 6_31 build closed the security hole, so why would Apple need to lock down Java?
 
Usually the phrase you're quoting is preceded by "the first thing you should do on any new installation is to turn off Windows Firewall. It doesn't do anything, and just bothers you all the time".

In other words, remove the blade guards and still blame Windows if you chop off your fingers?
 
So, Apple released a Java VM update that disables Java. And then re-disables it if the user actually wants to use it. I thought the Java JRE 6_31 build closed the security hole, so why would Apple need to lock down Java?

Common sense. If you don't use any Java apps for over a month, it's unlikely you're going to need to use them at all, so disabling it after that period makes perfect sense. This reduces the possibility that a future Java trojan of a different kind can attack unsuspecting users. If you're using Java regularly, this won't be a problem.
 
Ran that Russian site test, found no malware.

When I got the Apple software update message, the Adobe Reader update popped up behind it. I selected "remind me later" and it disappeared like it should, but the Apple update failed due to possible corruption, according to the window.

The second attempt did not activate the Adobe message and was successful. It found and deleted the malware. Yikes.

Now I can get Google sites like maps, etc, something that used to bring up that Error 303 message and only worked with Firefox.

Maybe that Adobe update was a last ditch effort to squirm in? Very suspicious.

Anyone else experience this pattern?
 
I heard that Apple stopped producing their own versions of Java? Is that true?

They're not producing any new versions of Java, but they're still maintaining the existing version of Java.

When Mountain Lion drops, the OpenJDK project will take over and provide Java for OS X.
 
Ran that Russian site test, found no malware.

When I got the Apple software update message, the Adobe Reader update popped up behind it. I selected "remind me later" and it disappeared like it should, but the Apple update failed due to possible corruption, according to the window.

The second attempt did not activate the Adobe message and was successful. It found and deleted the malware. Yikes.

Now I can get Google sites like maps, etc, something that used to bring up that Error 303 message and only worked with Firefox.

Maybe that Adobe update was a last ditch effort to squirm in? Very suspicious.

Anyone else experience this pattern?
While it might have been related, there in fact was a security update for Adobe Reader a couple of days ago, and that prompt to notify you of it and install it might have just coincided with the Apple update check. Here's the Adobe Reader update info: http://www.esecurityplanet.com/patches/adobe-releases-security-updates-for-reader-acrobat.html.
 
Ran that Russian site test, found no malware.

When I got the Apple software update message, the Adobe Reader update popped up behind it. I selected "remind me later" and it disappeared like it should, but the Apple update failed due to possible corruption, according to the window.

The second attempt did not activate the Adobe message and was successful. It found and deleted the malware. Yikes.

Now I can get Google sites like maps, etc, something that used to bring up that Error 303 message and only worked with Firefox.

Maybe that Adobe update was a last ditch effort to squirm in? Very suspicious.

Anyone else experience this pattern?

That was pure coincidence. Glad to hear you have a clean system now!

(The malware's MO was to inject into Google)
 

Nope, although he does have a lot of good links in that post! When I have time I'll need to read the info he posted.

Before making statements like this, perhaps you should look at the current release of Windows.

Very few ports are open by default.

You're right; I was hoping to find the link to the article on my statement that describes it all in detail, but you're still correct :)
 
Who didn't get the warning that you had it and were cleaned? My Mac was completely clean (so I thought) and had full updated scan ran after Update 7 had all Java turned off as well. So either Apple's installer is placebo and too self congratulatory or most info on the flashback was BS and definitions were not updated till yesterday with all major AV vendors failing? Find it hard and scary to believe.
 
not showing up for me

This still doesn't come up for me in Software Update... can I download it from Apple directly?
 
I got this trojan through the Java vulnerability. It infected my Mac Pro. I was not aware of it until I read the news stories about it last week. I removed it, and found parts of it had infected two other files on my Mac. Thanks to Little Snitch that was recommended to me after I was infected, which found these variants still "lurking."

I am glad to have gotten rid of it... I will install this update just to be sure it is all gone.

Where did you get the trojan from?

----------

Haha, I can't resist! - I know, enthusiasts build their own PCs!

I considered that, but it ended up being more expensive than buying a PC pre-built. Some CPUs cost more alone than they do inside of a Dell!
 
That's irrelevant. It's part of a botnet, which means an update could be spread to all infected Macs to grant it that ability to kill processes.
It's not irrelevant. If it's removed, it's no longer part of the botnet. There is no way for any "update" to reinstall the malware once it's removed.
 
Java for Mac OS X 10.6 Update 8

FYI, on my mini with Snow Leopard I just checked Software Update which has Java for Mac OS X 10.6 Update 8, for those who haven't updated to Lion yet.

I decided to just remove Java entirely, instead.
 