ICT Security-Sécurité PC et Internet

The Flashback malware threat for OS X is on a steep decline, but still underscores that Mac systems are not immune to threats. Read this blog post by Topher Kessler on MacFixIt.

Apple responds to Flashback malware development with a Java update in less than a week. 

Following the recent Flashback malware developments for OS X where unpatched vulnerabilities in the latest Java runtime for OS X were being exploited, Apple has issued an update that brings Java up-to-date and patches these vulnerabilities.

The patch is available via Software Update for systems that have Java installed, but can also be downloaded from the following Apple support Web pages. The update is available only for OS X 10.6 and 10.7, since Apple has stopped supporting prior versions of OS X.

                                    ===> UPDATE!!! <===

This new minimum-threat malware development for OS X copies Flashback and suggests criminals jump on opportunistic bubbles. 

Recently the Flashback malware attacks on OS X gained headlines, not because of the presence of the Trojan, which had been around for some months prior to the increase in attention, but rather because it gained the possibility of installation in a drive-by-download attack that did not require any interaction from the user in order to install.

This development was made possible because of a vulnerability in Java that allowed for a maliciously crafted applet to break the Java sandbox and write files to the disk. Apple has since patched this issue and it, along with other companies, have released Flashback Trojan removal tools to combat the malware; however, in its prime, the malware did reach more than 600,000 Mac users.

Read more...