9 Replies Latest reply: Apr 19, 2012 12:39 AM by MadMacs0
GLaura Level 1 Level 1 (0 points)

My automatic updates installed the os x update 8 and I installed same update as I was in panic mode with the whole flashback issue, so now it's listed twice in update history. Question is, is this update installed twice? First update lists version 8, manual update doesnt give version just says update 8.

  • 1. Re: os x update
    Kappy Level 10 Level 10 (226,855 points)

    Release 8 for Snow Leopard should remove malware variants known at the time of its release and install a new version of Java that will block future infections from the known variants of the malware.

     

    Installing it twice doesn't affect you adversely.

  • 2. Re: os x update
    Niel Level 10 Level 10 (242,130 points)

    The new update overwrote the old.

     

    (65645)

  • 3. Re: os x update
    Grant Bennet-Alder Level 8 Level 8 (49,285 points)

    .. and it is not a problem and you are fine now.

  • 4. Re: os x update
    GLaura Level 1 Level 1 (0 points)

    But the second update I did doesnt list the version....I know Im paranoid but the first automatic update found the flashback and of course removed it and installed the java update which lists the version 8. I just want to be sure I didn't overrite the first update. I know I sound paranoid...thanks for your help!

  • 5. Re: os x update
    The hatter Level 9 Level 9 (58,885 points)

    Thursday news:

    According to Apple, the new tool removes "the most common variants" of the malware, as well as turning off automatic execution of Java applets on Web pages.

    The most recent update from Apple is in essence a removal tool that rides along with a Java update, and the company said that the fix also changes the way that OS X handles Java applets.

    : As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications. Further information is available at http://support.apple.com/kb/HT5242

     

    Apple has posted a Flashback malware removal tool, available for Macs running Mac OS X 10.7.3 that do not have Java installed.


    Thursday's update also disables automatic execution of Java applets in the Java browser plug-in; the exploit used by Flashback to infect Macs was hidden inside a malicious Java applet hosted on compromised websites.

    "Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets."

    When it comes to being targeted by drive-by-downloads and exploits - for which there is no patch - this is a problem that PC users have had for years. Honestly, there is little that end users can do about it.


    ... as Andrew Jaquith put it in a May 2011 SecurityWeek Column, “don’t panic over the latest malware story.”


    Dealing with security on a Mac can come down to a few basics. Stick to common sense security, such as avoiding risky Web behavior, patching regularly, maintaining backups, and using password management tools. Attacks such as Flashback are bad, of that there is no doubt, but they’re also rare. Remember Flashback was the first of its kind for Mac.

     

    April 14, 2012:

    New targeted Mac OS X Trojan requires no user interaction

    By Emil Protalinski | April 14, 2012, 12:44pm PDT (Saturday)

    Summary: A new Mac OS X Trojan referred to as Backdoor.OSX.SabPub.a or SX/Sabpab-A is also exploiting Java vulnerabilities in a way that requires no user interaction. It is being used in targeted attacks.

    Another Mac OS X Trojan has been spotted in the wild; this one exploits Java vulnerabilities just like the Flashback Trojan. Also just like Flashback, this new Trojan requires no user interaction to infect your Apple Mac. Kasperskyrefers to it as “Backdoor.OSX.SabPub.a” whileSophos calls it at “SX/Sabpab-A.”

  • 6. Re: os x update
    MadMacs0 Level 4 Level 4 (3,735 points)

    The hatter wrote:

     

    April 14, 2012:

    New targeted Mac OS X Trojan requires no user interaction

    By Emil Protalinski | April 14, 2012, 12:44pm PDT (Saturday)

    Summary: A new Mac OS X Trojan referred to as Backdoor.OSX.SabPub.a or SX/Sabpab-A is also exploiting Java vulnerabilities in a way that requires no user interaction. It is being used in targeted attacks.

    Another Mac OS X Trojan has been spotted in the wild; this one exploits Java vulnerabilities just like the Flashback Trojan. Also just like Flashback, this new Trojan requires no user interaction to infect your Apple Mac. Kasperskyrefers to it as “Backdoor.OSX.SabPub.a” whileSophos calls it at “SX/Sabpab-A.”

    Kaspersky FUD! It's an MS Word exploit, patched in June 2009 that has nothing to do with Java.

     

    http://www.zdnet.com/blog/security/new-version-of-mac-os-x-trojan-exploits-word- not-java/11566

  • 7. Re: os x update
    The hatter Level 9 Level 9 (58,885 points)

    I would not call it FUD. Take your issues to Cnet then. Go post your complaint on Kaspersky's board.

     

    I picked up from Cnet/MacFixit and the messenger . So take it up with the news site.

     

    Apple's attempt also got mixed review on how they handled it and misguided actions.

    CompuerWorld wrote a good piece this morning.

  • 8. Re: os x update
    MadMacs0 Level 4 Level 4 (3,735 points)

    The hatter wrote:

     

    I would not call it FUD. Take your issues to Cnet then. Go post your complaint on Kaspersky's board.

    Sorry, I should have specified Kaspersky FUD, and I have posted to their board before (concerning their Flashback Tool that took down so many users) and never received a reply.

    I picked up from Cnet/MacFixit and the messenger . So take it up with the news site.

    I thought the source of your post was ZDNet, who did post the corrected article I referenced. I'll have to see what c|net has to say today.

  • 9. Re: os x update
    MadMacs0 Level 4 Level 4 (3,735 points)

    @hatter,

     

    I finally heard back from Intego today (none of the other sites bothered) that there were two variants, the first was Word but the second was Java.

     

    Then they posted another article which said a second Word variant has been found, for a total of three.

     

    New SabPab Variant Uses Word Files to Infect Macs

     

    F-Secure also confirmed that today.

     

    More Mac Malware Exploiting Java