HT5228: About the security content of Java for OS X Lion 2012-002 and Java for Mac OS X 10.6 Update 7

HT5228 Java scare

seanhingston
Apr 5, 2012 3:24 AM

My mac is 10.7.3 should I be concerned about the Java malware scare?

  • etresoft Level 7 (23,890 points)
    Apr 5, 2012 5:26 AM (in response to seanhingston)

    No. However, there is a reason Apple no longer installs Java by default. If you don't need Java, don't install it. If you don't need to run Java applets in Safari, then turn that feature off in Safari's Preferences. If you do require both Java and Java applets, then you need to make sure that your Java software functions properly in the new update. I know that my corporate VPN doesn't. So, I could either be safe from a million-to-one exploit or keep earning money and paying bills. Big decision there.

  • MrHoffman Level 6 (11,695 points)
    Apr 5, 2012 5:38 AM (in response to seanhingston)

    Concern over computer security should not be conditional on what the press and the social-media echo chamber is reporting.  Or what the press and the echo chambers are not reporting.

     

    Concern over security is an on-going requirement.

     

    This means complete backups, multiple ("deep") copies (as backup media can fail), and preferably disconnected.  Your backups are one of the easiest and best paths to recovery when your system is breached, and preferably a copy of the backup that predates the breach, and has been kept offline.

     

    Using proper passwords and/or certificates, of course.  On all users.

     

    Not downloading "codecs" or "players" from any site other than the original source of the tool.  There are a number of download sites around, and various of those sites are busily optimizing themselves to the top of Google search results.  Downloading tools from sources other than from the original producer or from producer-designated sites can have additional risk; you're not necessarily getting (just) what you expect.  If you didn't go looking for the tool yourself, do not download it.  With OS X, look to use the Mac App Store as your source.

     

    Don't click on links embedded in mail you've received, even if it looks to be a trusted source.  This includes social media messages received via mail, including LinkedIn mail, etc.

     

    Firewalls and VPNs, as well as checking logs.

     

    Maintaining current versions of Java, Safari and Adobe Flash Player, as well as other installed software.  Verifying that any web-facing tools you're using (client or server) are current.

     

    Disabling the automatic opening of "safe" files, and disabling Java access in the browser (or not installing it), and disabling (or removing) Adobe Flash Player, are all normal and expected practice, here.

     

    As for your original question, there's a Terminal.app sequence that's been posted by F-Secure to investigate whether your clients have been infested by the so-called OSX/Flashback.K malware.  It's a little arcane, if you're not familiar with Terminal.  It's not the first Mac malware that's been around, and it certainly won't be the last.

  • etresoft Level 7 (23,890 points)
    Apr 5, 2012 9:19 AM (in response to MrHoffman)

    What's this? A sane voice of reason in the hysteria? Oh yeah, MrHoffman, that figures.

     

    Those instructions are way too arcane. Just do this:

    cat -/.MacOSX/environment.plist

     

    If it says anything about DYLD_INSERT_LIBRARIES, then delete that file.

     

    Next, see if anyone has modified Safari with:

    codesign -v /Applications/Safari.app

     

    If so, quit Safari and restore Safari from backup.

     

    Log out and then back in. Mischief managed.

  • etresoft Level 7 (23,890 points)
    Apr 5, 2012 1:15 PM (in response to etresoft)

    So much for posting from my iPad. This is what you should type and see as a result:

     

    user227-135:~ jdaniel$ cat ~/.MacOSX/environment.plist

    cat: /Users/jdaniel/.MacOSX/environment.plist: No such file or directory
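
Added example, not part of the original thread or any poster's script: the two checks etresoft describes above (a DYLD_INSERT_LIBRARIES entry in ~/.MacOSX/environment.plist, and codesign verification of Safari) as one report-only shell script. The function names and the 0/1/2 status convention are assumptions of this example; it deletes nothing and only prints what it finds.

```shell
#!/bin/sh
# Report-only version of the two checks in the thread. Deletes nothing.
# Function status: 0 = nothing found, 1 = suspicious, 2 = could not check.

# Print every value stored under DYLD_INSERT_LIBRARIES in plist text on stdin.
injected_libs() {
    grep -A1 'DYLD_INSERT_LIBRARIES' |
        sed -n 's:.*<string>\(.*\)</string>.*:\1:p'
}

# $1: plist to inspect (default: the per-user file named in the thread).
check_env_plist() {
    plist="${1:-$HOME/.MacOSX/environment.plist}"
    if [ ! -e "$plist" ]; then
        echo "OK: $plist does not exist"
        return 0
    fi
    # plutil (macOS) turns a binary plist into XML; fall back to the raw file.
    xml=$(plutil -convert xml1 -o - "$plist" 2>/dev/null) ||
        xml=$(cat "$plist") || return 2
    if printf '%s\n' "$xml" | grep -q 'DYLD_INSERT_LIBRARIES'; then
        echo "SUSPICIOUS: $plist sets DYLD_INSERT_LIBRARIES to:"
        printf '%s\n' "$xml" | injected_libs
        return 1
    fi
    echo "OK: $plist has no DYLD_INSERT_LIBRARIES entry"
}

# $1: application bundle to verify (default: Safari, as in the thread).
check_app_signature() {
    app="${1:-/Applications/Safari.app}"
    if ! command -v codesign >/dev/null 2>&1; then
        echo "SKIPPED: codesign not found (not running on OS X?)"
        return 2
    fi
    if codesign -v "$app" 2>/dev/null; then
        echo "OK: $app passes codesign verification"
        return 0
    fi
    echo "SUSPICIOUS: $app fails codesign verification or is missing"
    return 1
}

env_rc=0; check_env_plist || env_rc=$?
app_rc=0; check_app_signature || app_rc=$?
echo "environment.plist check: $env_rc, Safari signature check: $app_rc"
```

A status of 1 from either check corresponds to the cases where the posts above say to delete the file or restore Safari from backup.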

  • MrHoffman Level 6 (11,695 points)
    Apr 5, 2012 1:40 PM (in response to etresoft)

    FWIW, there's a shell script here that looks to be reasonable, for those that are comfortable in the shell.  That script would need to be downloaded into a plain-text-format text file (using vim, emacs, nano, TextWrangler, etc), then chmod +x invoked to allow the script to execute, and then invoke the script with sudo.

  • Leslie260 Level 1 (0 points)
    Apr 7, 2012 10:16 AM (in response to etresoft)

    I'm not a programmer, so I'm not sure what it means to "just do this."  How do I "cat-/MacOSX/environment.plist" Do I type that somewhere?

  • Leslie260 Level 1 (0 points)
    Apr 7, 2012 10:17 AM (in response to seanhingston)

    I have OS 10.5.8.  Do I need to worry about the Java malware?

  • etresoft Level 7 (23,890 points)
    Apr 7, 2012 12:41 PM (in response to Leslie260)

    Here is a much better and easier-to-use tool: https://discussions.apple.com/docs/DOC-3271
