Thursday news:
According to Apple, the new tool removes "the most common variants" of the malware, as well as turning off automatic execution of Java applets on Web pages.
The most recent update from Apple is in essence a removal tool that rides along with a Java update, and the company said that the fix also changes the way that OS X handles Java applets.
: As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications. Further information is available at http://support.apple.com/kb/HT5242
Apple has posted a Flashback malware removal tool, available for Macs running Mac OS X 10.7.3 that do not have Java installed.
Thursday's update also disables automatic execution of Java applets in the Java browser plug-in; the exploit used by Flashback to infect Macs was hidden inside a malicious Java applet hosted on compromised websites.
"Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets."
When it comes to being targeted by drive-by-downloads and exploits - for which there is no patch - this is a problem that PC users have had for years. Honestly, there is little that end users can do about it.
... as Andrew Jaquith put it in a May 2011SecurityWeekColumn, “don’t panic over the latest malware story.”
Dealing with security on a Mac can come down to a few basics. Stick to common sense security, such as avoiding risky Web behavior, patching regularly, maintaining backups, and using password management tools. Attacks such as Flashback are bad, of that there is no doubt, but they’re also rare. Remember Flashback was the first of its kind for Mac.
April 14, 2012:
By Emil Protalinski | April 14, 2012, 12:44pm PDT (Saturday)
Summary: A new Mac OS X Trojan referred to as Backdoor.OSX.SabPub.a or SX/Sabpab-A is also exploiting Java vulnerabilities in a way that requires no user interaction. It is being used in targeted attacks.
Another Mac OS X Trojan has been spotted in the wild; this one exploits Java vulnerabilities just like the Flashback Trojan. Also just like Flashback, this new Trojan requires no user interaction to infect your Apple Mac. Kasperskyrefers to it as “Backdoor.OSX.SabPub.a” whileSophos calls it at “SX/Sabpab-A.”