Apple, Mac, iOS4, iPad, iPhone and (in)security...
Everything related to the (in)security of Apple products
Curated by Gust MEES
Scooped by Gust MEES

Jacksbot Java malware can take control of Windows, Mac, and Linux systems


Two weeks ago, Mac security software company Intego discovered malware which it classified as "a new Java backdoor trojan called Java/Jacksbot.A." New threats are discovered all the time, but Intego later concluded that even though Jacksbot is a variant of the Java remote access tool (RAT) created by the jailbreaking group Redpois0n, it can target multiple platforms.

 

The malware writers behind JACKSBOT may just be testing the waters for a successful multiplatform malware; however for now they appear to be unwilling to invest the time and resources to develop the code more completely.

 

===> It’s likely that the authors will continue to improve the code to fully support infection for OS X and Linux. <===

 

Read more, a MUST:

http://thenextweb.com/2012/10/31/jacksbot-java-malware-can-take-control-of-windows-mac-and-linux-systems/?utm_source=dlvr.it&utm_medium=twitter

 


Oracle now also delivers Java updates for Mac

For years, Apple provided Java for its Mac OS itself and was basically trying to get rid of it.

But now it has agreed with Oracle that the Java vendor will take over this task. With regard to Java, Mac users are thus to be put on an equal footing with Windows and Linux users and so receive security updates sooner than before.

 

Rescooped by Gust MEES from ICT Security-Sécurité PC et Internet

Both Mac and Windows are Targeted at Once!


 

Symantec Security Response, along with some other security vendors, reported the discovery of the OSX.Flashback malware recently patched by Apple. Many people may be surprised to learn the infection volume is reported at over 600,000 computers.

On a new front, we have recently identified new Java Applet malware, which uses the Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability (CVE-2012-0507) to download its payload.

 

This attack vector is the same as the older one, but in this case the Java Applet checks which OS it is running on and downloads a suitable malware for the OS. This is explained further in the following illustration...

 


Apple releases Java update with 12 security fixes

Apple has shipped a Java update for Mac operating systems with 12 security fixes, including one that plugs a hole exploited by a recent variant of the Flashback malware.

 

===> UPDATE!!! <===


MacPlus: Mac OS X: Java update

Yesterday we mentioned the return of the Flashback Trojan horse, whose latest variant infects Macs through a Java flaw - a flaw that Oracle fixed some time ago, but whose fix Apple has been slow to make available to users. Has Cupertino taken the pulse of the threat?

===> It is in any case rather striking to see a Java update for Mac OS X, numbered 1.6.0_31, arrive at just this moment! <===

===> Apple makes no mention of this notorious worm, but states that this version brings improvements in compatibility, security and reliability. The update, available through the usual System Preferences mechanism, weighs 66 MB. <===


Mac Trojan infects machines via unpatched Java bug


Unfortunately, Mac users haven't received a patch for that particular vulnerability since Apple hasn't yet ported it to Java for Macs. In addition to all that, there are rumors that an exploit for another unpatched Java flaw is being offered for sale on online forums.

 

===> The researchers advise Mac users to disable their Java client for the time being in order to avoid infection. <===


Mac Flashback Exploiting Unpatched Java Vulnerability


A new Flashback variant (Mac malware) has been spotted exploiting CVE-2012-0507 (a Java vulnerability). We've been anticipating something like this for a while now.

 

Oracle released an update that patched this vulnerability back in February… for Windows.

 

===> But — Apple hasn't released the update for OS X (yet). <===


Apple plugs Java hole, shifts away from plug-in

By turning off Java by default, Apple is making customers choose whether to take the risk in using the troubled browser software...

 

Apple's patches automatically deactivated the Java plug-ins in browsers, leaving it up to Mac users to turn them back on. Until a few months ago, Apple had handled the release of all Java updates. Now, customers can download and install fixes directly from Oracle.

 

Read more:

http://www.csoonline.com/article/715630/apple-plugs-java-hole-shifts-away-from-plug-in?source=rss_news&utm_source=dlvr.it&utm_medium=twitter

 

 


Oracle to manage updates for Java for Mac: A good thing?

Apple may have appeared to have pulled off a coup in persuading Oracle to maintain Java for Mac but can Oracle be trusted to get it right?

 

The emergence of the Flashback Trojan - which exploited a vulnerability in Mac OS X's version of Java - earlier this year led to a lot of flak for both Oracle and Apple. The vulnerability was known about and fixed in the Windows and Linux versions of Java, but remained exposed in OS X for several more weeks.

 

===> The fact that Apple is ultimately responsible for maintaining Java on OS X saw Apple's ability to protect its users questioned. <===

 

Read more:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 


Java: The OSX and Cross-Platform Nightmare | threatpost

The Flashback botnet is an indication that Apple is not putting enough energy into security and that Oracle isn't paying attention to Java security issues.

Java update for OS X Lion and Snow Leopard

A Java revision is available for OS X Lion [1.0/2012-001 - 64 MB - OS X 10.7] as well as for Snow Leopard [1.0 - Update 7 - 76 MB - OS X 10.6]. It brings security fixes and other fixes that contribute to its stability.

===> This update notably closes a major flaw exploited by malware that could be picked up from a website and was then able to run, with administrator rights, a Java applet containing malicious code... <===

 


Apple updates Java after malware spreads

Enterprise users of Java for the Mac OS X should ensure their machines are updated with the latest security patch from Apple, released Tuesday.

 

The update, for both Lion (10.7.3) and Snow Leopard (10.6.8) versions of the platform, closes a dozen holes in Java 1.6.0_29, "the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox," according to Apple.

 

That presumably refers to CVE-2012-0507, which researchers at F-Secure said Monday was being used to spread the latest variant of the password-stealing Flashback trojan.

 

===> Computers can be infected simply by users visiting a malicious web page, a scenario known as a drive-by download. <===

 

===> UPDATE!!! <===

 


New Trojan variant can install without password | Macworld

A new variant of the Flashback Trojan that appeared last year can install itself on a Mac without need for an administrator's password.

Flashback Mac OS X malware exploiting (old) Java security holes | ZDNet

If a Mac OS X user visits a web page, and their Java is not up to date, the malware infection will occur without their intervention.

 

===> UPDATE asap! <===
