In two posts [ 1 / 2 ] last week, I warned you about an Apple OS X Java update that fixed a vulnerability attackers were leveraging to spread a mac trojan called Flashback. According to reports, this botnet trojan infected over 600,000 Mac users.
Today, Apple released yet another OS X Java update, this time designed to remove Flashback infections and to potentially mitigate future Java attacks.
According to Apple’s advisory, Java for OS X Lion 2012-003 configures the Java web plug-in to disable automatic execution of Java applets. This means if you visit a web page containing malicious (or legitimate) Java code, that code will not run automatically; thereby possibly preventing a drive-by download attack. The update does still allow you to manually re-enable automatic Java applet execution. However, if you do so, the plug-in will re-disable it if it detects you haven’t run Java applets for a long period of time.
This update also tries to detect and remove Flashback infections from your computer. It will inform you if it finds and removes an infection, otherwise it will remain silent when installed.
Though I don’t think the 2012-003 Java update is as critical as the first ones (which actually corrected Java vulnerabilities), it can help mitigate future Java-based attacks. If you’re a Mac user, I recommend you install it as soon as you can, or let Apple’s Software Updater do it for you. One note though…at the time of writing, though Apple had released their advisory and email about this update’s availability, I could not locate the update on their download page. I can only assume they either haven’t finished posting it, or have pulled it temporarily for some reason. In any case, I suspect it will show up on their download page, or in their Software Updater shortly. — Corey Nachreiner, CISSP (@SecAdept)