Apple, Mac, iOS4,...
Follow
Find tag "Java-vulnerabilities"
9.3K views | +4 today
Apple, Mac, iOS4, iPad, iPhone and (in)security...
Everything related to the (in)security of Apple products
Curated by Gust MEES
Your new post is loading...
Your new post is loading...
Rescooped by Gust MEES from ICT Security-Sécurité PC et Internet
Scoop.it!

Java-based malware driving DDoS botnet infects Windows, Mac, Linux devices

Java-based malware driving DDoS botnet infects Windows, Mac, Linux devices | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Multi-platform threat exploits old Java flaw, gains persistence.

 

Researchers have uncovered a piece of botnet malware that is capable of infecting computers running Windows, Mac OS X, and Linux that have Oracle's Java software framework installed.

 

The cross-platform HEUR:Backdoor.Java.Agent.a, as reported in a blog post published Tuesday by Kaspersky Lab, takes hold of computers by exploiting CVE-2013-2465, a critical Java vulnerability that Oracle patched in June. The security bug is present on Java 7 u21 and earlier. Once the bot has infected a computer, it copies itself to the autostart directory of its respective platform to ensure it runs whenever the machine is turned on.

 

Compromised computers then report to an Internet relay chat channel that acts as a command and control server.

 


Via Gust MEES
Gust MEES's insight:

 

Learn more:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

http://www.scoop.it/t/securite-pc-et-internet/?tag=Linux

 

more...
Rescooped by Gust MEES from 21st Century Learning and Teaching
Scoop.it!

Apple's own Macs bitten by Java-based malware attack

Apple's own Macs bitten by Java-based malware attack | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple released a statement today acknowledging that they were victims of the same attackers that Facebook talked about last week. A zero-day Java vulnerability infected Apple Mac developers through...

 

According to Reuters, "Apple Inc. was recently attacked by hackers who infected the Macintosh computers of some employees".

 

More specifically Apple engineers had their Mac OS X laptops infected by the same zero-day Java vulnerability that infected Facebook last month.

 

In a statement Apple made to The Loop an Apple spokesperson said “The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers.

 

Gust MEES's insight:

What should you do as a result of this? If you are a Mac user you should be sure to keep your computer patched. Apple stated they will be releasing a Java malware removal tool this afternoon to respond to this attack.

 

It is also a good idea to run an up to date anti-virus to detect any future attacks and to disable Java in the browser if you don't require it for day to day web surfing.

 

===> To be fair, that advice applies to all computer users whether they prefer Windows, OS X or Linux. Many times staying safe isn't convenient, but it is an investment that pays off in the long run. <===

 

Check also:

 

https://gustmees.wordpress.com/2012/11/29/cyber-hygiene-ict-hygiene-for-population-education-and-business/

 

more...
Gust MEES's curator insight, February 19, 2013 3:52 PM

What should you do as a result of this? If you are a Mac user you should be sure to keep your computer patched. Apple stated they will be releasing a Java malware removal tool this afternoon to respond to this attack.

 

It is also a good idea to run an up to date anti-virus to detect any future attacks and to disable Java in the browser if you don't require it for day to day web surfing.

 

===> To be fair, that advice applies to all computer users whether they prefer Windows, OS X or Linux. Many times staying safe isn't convenient, but it is an investment that pays off in the long run. <===

 

Check also:

 

 

https://gustmees.wordpress.com/2012/11/29/cyber-hygiene-ict-hygiene-for-population-education-and-business/

 

 

Scooped by Gust MEES
Scoop.it!

Vulnérabilités : Kaspersky pointe Adobe, Oracle et Apple

Vulnérabilités : Kaspersky pointe Adobe, Oracle et Apple | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it

L'éditeur de logiciel de sécurité Kaspersky a publié quelques statistiques sur les failles de sécurité découvertes dans le monde au troisième trimestre. Pour délivrer ces chiffres, Kaspersky s'appuie sur la base d'utilisateurs de ses produits.

 

On trouve ensuite des logiciels d'Adobe (Flash, Adobe Reader et Shockwave) qui est le plus représenté dans ce top 10 avec cinq mentions. Apple est également présent avec des failles concernant QuickTime (14 % des utilisateurs concernés) et iTunes (12 %). Nullsoft avec Winamp ferme la marche.

 

En savoir plus :

 

http://www.macg.co/news/voir/257709/vulnerabilites-kaspersky-pointe-adobe-oracle-et-apple

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple patcht vier gravierende Sicherheitslücken in Java 6 für Mac OS X

Apple patcht vier gravierende Sicherheitslücken in Java 6 für Mac OS X | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it

Apple patcht vier gravierende Sicherheitslücken in Java 6 für Mac OS X


Betroffen sind Mac OS X 10.6, 10.7 und 10.8. Die Lücken lassen sich mit manipulierten Java-Applets ausnutzen. Sie sind seit dem durch den von Oracle in der vergangenen Woche bereitgestellten Patch öffentlich bekannt.

 

Da Apple für die Aktualisierung von Java 6 verantwortlich ist, mussten Nutzer von OS X warten, bis das Unternehmen aus Cupertino ein Update herausgibt. Ab Java 7 ist Oracle für die Mac-OS-Updates zuständig. Ein entsprechendes Update wurde letzte Woche bereitgestellt. Allerdings liegt Java 7 unter Mac OS nur als 64-Bit-Version vor, sodass 32-Bit-Browser wie Google Chrome noch auf die ältere Version zurückgreifen.

 

Zudem wurde auch in diesem Patch eine Sicherheitslücke entdeckt, die Angreifer missbrauchen können, um Schadcode einzuschleusen udn auszuführen. Das polnische Sicherheitsunternehmen Security Explorations hatte den Fehler nur wenige Stunden nachdem das Update bereitgestellt worden war entdeckt.

 

Mehr erfahren:

http://www.itespresso.de/2012/09/06/apple-patcht-vier-gravierende-sicherheitslucken-in-java-6-fur-mac-os-x/

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Une faille dans Java 7, aussi sur Mac

Une faille dans Java 7, aussi sur Mac | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Encore une faille dans Java qui menace la sécurité des Mac.

 

 

 

 

 

 

En savoir plus :

http://www.macworld.fr/mac/actualites,faille-java-7,530598,1.htm

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Oracle to manage updates for Java for Mac: A good thing?

Oracle to manage updates for Java for Mac: A good thing? | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple may have appeared to have pulled off a coup in persuading Oracle to maintain Java for Mac but can Oracle be trusted to get it right?

 

The emergence of the Flashback Trojan - which exploited a vulnerability in Mac OS X's version of Java - earlier this year led to a lot of flak for both Oracle and Apple. The vulnerability was known about and fixed in the Windows and Linux versions of Java, but remained exposed in OS X for several more weeks.

 

===> The fact that Apple is ultimately responsible for maintaining Java on OS X saw Apple's ability to protect its users questioned. <===

 

Read more:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple updates Safari, gives better control over Java applets

Apple updates Safari, gives better control over Java applets | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple has pushed out a Safari update to go along with this week's "Java Tuesday" fix.

It's supposed to give you finer-grained control over Java in your browser.

Paul Ducklin puts it through i...
more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Apple blacklists Java on OS X to prevent latest “critical” exploits

Apple blacklists Java on OS X to prevent latest “critical” exploits | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Apple's automated system is allowing for a fast response to malware threats.
Gust MEES's insight:

Check also:

 

http://www.scoop.it/t/securite-pc-et-internet?tag=Apple+and+Mozilla+-+%27Just+say+no+to+Java

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

Jacksbot Java malware can take control of Windows, Mac, and Linux systems

Jacksbot Java malware can take control of Windows, Mac, and Linux systems | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it

Two weeks ago, Mac security software company Intego discovered malware which it classified as "a new Java backdoor trojan called Java/Jacksbot.A.” New threats are discovered all the time, but Intego later concluded that even though Jacksbot is a variant of the Java remote access tool (RAT) created by the jailbreaking group Redpois0n, it can target multiple platforms.

 

The malware writers behind JACKSBOT may just be testing the waters for a successful multiplatform malware; however for now they appear to be unwilling to invest the time and resources to develop the code more completely.

 

===> It’s likely that the authors will continue to improve the code to fully support infection for OS X and Linux. <===

 

Read more, a MUST:

http://thenextweb.com/2012/10/31/jacksbot-java-malware-can-take-control-of-windows-mac-and-linux-systems/?utm_source=dlvr.it&amp;utm_medium=twitter

 

more...
No comment yet.
Scooped by Gust MEES
Scoop.it!

OS X : désactiver JAVA en attente d'un correctif de sécurité

OS X : désactiver JAVA en attente d'un correctif de sécurité | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
Actualité Apple : OS X : désactiver JAVA en attente d'un correctif de sécurité...

 

JAVA ne se traine pas une formidable réputation en matière de sécurité, surtout sur nos Mac où Apple a souvent fait preuve d'une formidable lenteur pour mettre à jour la machine virtuelle JAVA. Désormais c'est Oracle qui préside aux destinées de la brique logicielle sur nos machines pommées.

 

En attendant, si vous n'en avez pas un besoin immédiat et absolu, vous pouvez simplement désactiver JAVA pour régler la question. Pour cela, direction le dossier Utilitaires de votre dossier Applications. Lancez Préférences JAVA et, dans l'onglet gGénéral, désactivez Java SE 7 (oui, l'image montre un système avec JAVA 6). Et voilà. Pour réactiver, procédure inverse.

 

more...
No comment yet.
Rescooped by Gust MEES from ICT Security-Sécurité PC et Internet
Scoop.it!

Multi-Platform Java Exploit Targets Macs, Linux, Windows

Multi-Platform Java Exploit Targets Macs, Linux, Windows | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it
If allowed to run, a malicious Java applet checks the user's operating system and delivers a payload customized for that platform, whether it's Windows, Mac OS X, or Linux.

 

Read more:

http://www.securityweek.com/multi-platform-java-exploit-targets-macs-linux-windows

 

more...
No comment yet.
Rescooped by Gust MEES from 21st Century Learning and Teaching
Scoop.it!

Cross-platform malware exploits Java to attack PCs and Macs | ZDNet

Cross-platform malware exploits Java to attack PCs and Macs | ZDNet | Apple, Mac, iOS4, iPad, iPhone and (in)security... | Scoop.it

The same Java vulnerability used in the infamous Flashback malware is now being used as an attack vector for a single piece of malware that can infect both Windows and Mac OS X computers.

 

Security vendors have discovered a new piece of malware that attacks both PCs and Macs. It uses the same Java security vulnerability exploited by the Flashback malware that infected hundreds of thousands of Macs. While the attack vector is the same as in Flashback, this Java Applet checks which OS it is running on and downloads suitable malware for it.

 

Gust MEES: use my free courses to know how to stay secure, follow links below...

 

http://gustmeesen.wordpress.com/2012/03/16/beginners-it-security-guide/

 

 

 

 

more...
No comment yet.