• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Update OS X Java to Avoid Spreading Mac Malware

April 5, 2012 By Corey Nachreiner

Summary:

  • This vulnerability affects: OS X 10.7.x (Lion) and 10.6.x (Snow Leopard)
  • How an attacker exploits it: By enticing you to a website containing maliciously crafted Java
  • Impact: In the worst case, an attacker executes code on your user’s computer, with that user’s privileges
  • What to do: Install Java for OS X Lion 2012-002 or Java for OS X 10.6 Update 7 immediately, or let Apple’s updater do it for you.

Exposure:

Yesterday, Apple released an advisory describing a Java security update for OS X 10.6.x and 10.7.x. The update fixes 12 vulnerabilities in OS X’s Java components (number based on CVE-IDs).

Apple doesn’t describe each flaw in technical detail, but they do share the worst case impact. If an attacker can lure you to a website containing specially crafted Java code, he can exploit many of these vulnerabilities to execute code on your OS X computer, with your privileges.

This Apple update finally brings the Java updates Oracle released in February to OS X users. Unfortunately, attackers have already been exploiting one of these Java vulnerabilities against Mac users in the wild. A Mac trojan called Flashback has reportedly infected over 600,000 Macs, by leveraging one of these Java flaws (as well as a Flash vulnerability in the past). If you have any Mac computers in your organization, we highly recommend you install Apple’s OS X Java update immediately. You can also find instructions for checking your Mac for the Flashback malware here.

Solution Path:

[UPDATE] On Friday, Apple quietly changed the Lion Java update from 2012-001 to 2012-002 for undisclosed reasons (likely the original update didn’t fully work). We have updated this alert to include the new patch. If you updated OS X before Friday, be sure to do so again.

Apple has issued Java for OS X Lion 2012-002 [dmg file] and Java for OS X 10.6 Update 7 [dmg file] to correct these flaws. If you manage OS X 10.6.x or 10.7.x computers, we recommend you download and deploy these updates immediately, or let OS X’s automatic Software Update utility install it for you.

For All WatchGuard Users:

Some of these attacks rely on one of your users visiting a web page containing malicious Java bytecode. The HTTP-Proxy policy that ships with most WatchGuard appliances automatically blocks Java bytecode by default, which somewhat mitigates the risk posed by some of these vulnerabilities.

Status:

Apple has released Java updates to fix these issues.

References:

  • Apple’s OS X March Java advisory
  • Apple software downloads
  • Apple security updates

This alert was researched and written by Corey Nachreiner, CISSP.

Share This:

Related

Filed Under: Security Bytes Tagged With: Apple, code execution, Flashback, Lion, Oracle, snow leopard, Updates and patches, Zero day exploit

Comments

  1. computer security components says

    October 24, 2013 at 11:51 pm

    One easy way to push this page up in the SERPs (search engine results pages) would be to use an RSS feed. It’s easy, check out
    computer security components http://www.legalnursenetwork.com/

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • 3CX Supply Chain Attack
  • Here Come The Regulations

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • 3CX Supply Chain Attack
  • The NSA’s Guidance on Securing Authentication
  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use