HT5228: About the security content of Java for OS X Lion 2012-002 and Java for Mac OS X 10.6 Update 7
No. However, there is a reason Apple no longer installs Java by default. If you don't need Java, don't install it. If you don't need to run Java applets in Safari, then turn that feature off in Safari's Preferences. If you do require both Java and Java applets, then you need to make sure that your Java software functions properly in the new update. I know that my corporate VPN doesn't. So, I could either be safe from a million-to-one exploit or keep earning money and paying bills. Big decision there.
Concern over computer security should not be conditional on what the press and the social-media echo chamber are reporting. Or what the press and the echo chambers are not reporting.
Concern over security is an on-going requirement.
This means complete backups, multiple ("deep") copies (as backup media can fail), and preferably disconnected. Your backups are one of the easiest and best paths to recovery when your system is breached, and preferably a copy of the backup that predates the breach, and has been kept offline.
Using proper passwords and/or certificates, of course. On all users.
Not downloading "codecs" or "players" from any site other than the original source of the tool. There are a number of download sites around, and various of those sites are busily optimizing themselves to the top of Google search results. Downloading tools from sources other than from the original producer or from producer-designated sites can have additional risk; you're not necessarily getting (just) what you expect. If you didn't go looking for the tool yourself, do not download it. With OS X, look to use the Mac App Store as your source.
Don't click on links embedded in mail you've received, even if it looks to be a trusted source. This includes social media messages received via mail, including LinkedIn mail, etc.
Firewalls and VPNs, as well as checking logs.
Maintaining current versions of Java, Safari and Adobe Flash Player, as well as other installed software. Verifying that any web-facing tools you're using (client or server) are current.
Disabling the automatic opening of "safe" files, and disabling Java access in the browser (or not installing it), and disabling (or removing) Adobe Flash Player, are all normal and expected practice, here.
As for your original question, there's a Terminal.app sequence that's been posted by F-Secure to investigate whether your clients have been infested by the so-called OSX/Flashback.K malware. It's a little arcane, if you're not familiar with Terminal. It's not the first Mac malware that's been around, and it certainly won't be the last.
What's this? A sane voice of reason in the hysteria? Oh yeah, MrHoffman, that figures.
Those instructions are way too arcane. Just do this:
If it says anything about DYLD_INSERT_LIBRARIES, then delete that file.
Next, see if anyone has modified Safari with:
codesign -v /Applications/Safari.app
If so, quit Safari and restore Safari from backup.
Log out and then back in. Mischief managed.
So much for posting from my iPad. This is what you should type and see as a result:
user227-135:~ jdaniel$ cat ~/.MacOSX/environment.plist
cat: /Users/jdaniel/.MacOSX/environment.plist: No such file or directory
FWIW, there's a shell script here that looks to be reasonable, for those that are comfortable in the shell. That script would need to be downloaded into a plain-text-format text file (using vim, emacs, nano, TextWrangler, etc), then chmod +x invoked to allow the script to execute, and then invoke the script with sudo.
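The two manual checks described in the replies above (a DYLD_INSERT_LIBRARIES entry in ~/.MacOSX/environment.plist, and the Safari code signature), combined into report-only shell functions. This is an added example, not part of any post in the thread and not the script linked above; the function names, messages and return codes are assumptions of the example.

```shell
#!/bin/sh
# Added example: report-only versions of the two checks from the thread.
# Function names and return codes are assumptions, not from any post.

# check_env_plist [FILE]
# Returns 0 if FILE is absent or has no DYLD_INSERT_LIBRARIES entry,
# 1 if the entry is present, 2 if FILE exists but cannot be read.
check_env_plist() {
    plist="${1:-$HOME/.MacOSX/environment.plist}"
    if [ ! -e "$plist" ]; then
        echo "OK: $plist does not exist"
        return 0
    fi
    if [ ! -r "$plist" ]; then
        echo "ERROR: cannot read $plist" >&2
        return 2
    fi
    # -a: search the file as text even if it is stored as a binary plist
    if grep -a -q 'DYLD_INSERT_LIBRARIES' "$plist"; then
        echo "SUSPICIOUS: $plist mentions DYLD_INSERT_LIBRARIES"
        return 1
    fi
    echo "OK: no DYLD_INSERT_LIBRARIES in $plist"
    return 0
}

# check_app_signature [APP]
# Returns 0 if codesign verifies APP, 1 if verification fails,
# 3 if codesign is not installed (for example, not running on OS X).
check_app_signature() {
    app="${1:-/Applications/Safari.app}"
    if ! command -v codesign >/dev/null 2>&1; then
        echo "SKIPPED: codesign not found" >&2
        return 3
    fi
    if codesign -v "$app" 2>/dev/null; then
        echo "OK: $app signature verifies"
        return 0
    fi
    echo "SUSPICIOUS: $app fails signature verification"
    return 1
}

# Run both checks against the default locations only when asked to.
if [ "${1:-}" = "--run" ]; then
    check_env_plist
    check_app_signature
fi
```

Save it to a file and run it with `--run` as the logged-in user; it only reports, so deleting the plist or restoring Safari from backup remains a manual step.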