Security Beat: Flashback Wrap-up

Last month, this column was devoted to the Flashback trojan – a nasty piece of malware that targeted Macs by exploiting a vulnerability in Java that Oracle had patched back in February (but for which Apple had not yet gotten around to issuing a patch). Since then, a number of things have happened: a Russian security firm released a report indicating more than 500,000 Macs were infected with Flashback, which was later confirmed by well-known security vendor Kaspersky (that number later climbed to over 600,000, before dropping as systems were disinfected); instructions for determining if your Mac was infected, consisting of a series of Terminal commands, were published; Apple released not one, not two, but three Security Updates for Java in a period of about a week; and Apple also released a standalone removal tool for the most common variants of the Flashback worm, intended for systems running OS X “Lion” that don’t have Java installed, which you can get here.

With the third security update, Java on OS X is now at Java SE 6 version 1.6.0_31. In addition to this, Apple configured the Java web plug-in to disable the automatic execution of Java applets. If you want to re-enable this feature, you can do so via the Java Preferences application (in the Utilities subfolder):

[Screenshot: Java Preferences]

However, you should note that if the plug-in detects that no Java applets have been run for “an extended period of time” (per Houston Chronicle tech blogger Dwight Silverman, this is actually 30 days), it will disable automatic execution once again.

While this additional layer of protection may prove irksome for those of us who infrequently use Java applets, those who either (1) use Java applets often, or (2) use Java applets never, should see little impact from this. Except, of course, for the latter group, who will be protected against malicious Java code automatically running in an outdated, unpatched version of the software.

Now that the brouhaha has subsided, let’s take a look at what lessons we can take away from this:

This wasn’t a “Mac virus”…: it was actually a Trojan downloader, which targeted a vulnerability in the Java application running on Mac OS X.

…but that doesn’t really matter! Because, if you find yourself with an infected Mac, does it really matter whether it was a “virus”, “trojan”, “fake A/V”, or whether it exploited a vulnerability in the OS, in an included application (e.g. Safari, Java), or in a 3rd-party app (e.g. Adobe Reader, Microsoft Office)?

Patch, Patch, Patch! Apple still has a ways to go to get where Microsoft is with their security updates. That being said, if you are presented with a security-related update via Apple’s Software Update, by all means install it – STAT! Same goes for security patches to 3rd-party apps. Better yet: if the app offers a feature to automatically check for and install updates, enable it.

The old paradigms don’t necessarily hold true any longer…: It used to be that, by avoiding the less-desirable locations on the ‘Net, you could remain fairly safe from malware. Not any more: so many “legitimate” web sites have been compromised that your Mac can pick up something nasty from almost any place.

…but, there is no need to get too paranoid. By taking prudent steps, and staying aware of what is happening out in the world, you can continue to keep your Mac running, safe and sound.

(This article will also appear in the April issue of the Apple Barrel, the newsletter of the Houston Area Apple Users Group (HAAUG).)

Copyright secured by Digiprove © 2012 Ed Truitt