back to article Apple plugs Java hole after Flashback Trojan intrusion

Apple released a security update for OS X Java on Tuesday, plugging a security vulnerability exploited by the latest Flashback Trojan. The latest variant of the Mac-specific malware appeared on Monday and targeted a vulnerability in Java (CVE-2012-0507) which was patched on Windows machines more than six weeks ago. Apple's …

COMMENTS

This topic is closed for new posts.
  1. JDX Gold badge

    Not just banking

    Tons of browser-based games use Java too.

  2. Anonymous Coward
    Anonymous Coward

    Wait, where are the mouth foaming fanbois?

    1. bart

      Other Foam (no, not fanbois, or even Santorum - too messy)

      Too bad the fix is only for 10.6.8 & up. Can’t be applied to my incredibly old 10.6.5 (released 1 yr., 4 mos. ago . . .)

      I’m sure the reason for this is that it’s far to expensive for Apple to extend the fix to cover at least 2 years of OS, not that Apple is trying to corral users into their walled garden (10.6.6 & up infects Macs with the “app store.”)

      Apple only has the best in mind for their customers. Don’t they?

      All your phone/pad/app/os/book/music/movie are belong to us.

      1. Anonymous Coward
        Anonymous Coward

        Re: Other Foam (no, not fanbois, or even Santorum - too messy)

        The problem lies with changes in Java as far as I can tel. It's not apples fault. You could just upgrade I suppose. Is that so difficult?

        1. Sjax
          FAIL

          Re: Other Foam (no, not fanbois, or even Santorum - too messy)

          Right it's not Apples fault even though Microsoft fixed this known vulnerability six weeks before Apple did. Be careful you don't trip over your untied fanboyism

      2. Anonymous Coward
        Anonymous Coward

        Re: Other Foam (no, not fanbois, or even Santorum - too messy)

        It's a free upgrade to 10.6.8.

        Regarding the App Store 'infection', I'm not entirely sure what your problem is. Yeah it's installed, but you don't have to register and you don't have to use it. You can even drag out of the dock ad delete it from your HD if you're that bothered about it.

        Your Mac will still work.

      3. Ilsa Loving
        Facepalm

        Re: Other Foam (no, not fanbois, or even Santorum - too messy)

        You're refusing to update to the latest patch release (still using 10.6.5 instead of 10.6.8) and yet you're complaining about not being able to use a java fix?

        1. Anonymous Coward
          Anonymous Coward

          Re: Other Foam (no, not fanbois, or even Santorum - too messy)

          Not sure how it all works in the Mac world, but I remember that I used to get quite annoyed by not being able to just download patches. If a security update included an extra application, it's not a security update in my books and the supplier can just poke it - I was at the 'angry young man' stage of my life at the time. If I need a patch for something like a browser, I wouldn't want some Yahoo! application being loaded on just because it came with the patch, sorry 'update'. And the supplier should be able to seperate out the security stuff from the functionality stuff so a decision can be made before the install as to whether the extra piece of software is installed in the first place, not have it installed by default.

          Having said that, I would rather go through the pain of removing stuff that's not required than exposing an unpatched machine to the network. Not that I've had to do that for a long, long time, thankfully. MikeOS FTW.

      4. Anonymous Coward
        Anonymous Coward

        @bart

        That's the problem with Apple. If they followed Google's Android example no one would need to care about updates only working on some versions of the OS.

      5. RAMChYLD
        Alien

        Re: Other Foam (no, not fanbois, or even Santorum - too messy)

        > Too bad the fix is only for 10.6.8 & up. Can’t be applied to my incredibly old 10.6.5

        And the upgrade to 10.6.8 from 10.6.5 is free. Why not apply it? Does it take away any features you use?

      6. Chris 3

        Re: Other Foam (no, not fanbois, or even Santorum - too messy)

        Sorry, but what's stopping you from updating to 10.6.8? Genuine question.

      7. Anonymous Coward
        Anonymous Coward

        Re: Other Foam (no, not fanbois, or even Santorum - too messy)

        Tw*t.

        I expect you are running XP SP2 as well.

        1. Anonymous Coward
          Anonymous Coward

          Re: Other Foam (no, not fanbois, or even Santorum - too messy)

          "I expect you are running XP SP2 as well."

          So, you're saying Apple's 1.6.5 of 2010 is equivalent to XP SP2 of 2004?

          1. Anonymous Coward
            Anonymous Coward

            Re: Other Foam (no, not fanbois, or even Santorum - too messy)

            No, but it is a dangerous unpatchable version of the previous mainstream Windows OS (No I don't include Vista as a mainstream OS...), that you would not expect to use on the Internet.

    2. Tom 13
      Trollface

      Re: where are the mouth foaming fanbois?

      Holding their fire waiting for the mouth foaming anti-fanbois obviously.

  3. Anonymous Coward
    Anonymous Coward

    Don't care

    Java is not installed on my macs...

    1. asdf Silver badge
      Unhappy

      Re: Don't care

      Wish I could get rid of the malware enabler myself but alas I need it for my dnla server PS3 Media Server.

    2. RAMChYLD
      Boffin

      Re: Don't care

      > Java is not installed on my macs...

      I wish I can say that, but for some reason LibreOffice requires it.

    3. KroSha

      Re: Don't care

      If only...

      But Adobe Creative Suite demands it too. Personally I have no use for it, but the other half uses it for work. Thus we have to have Java installed.

  4. Anonymous Coward
    Anonymous Coward

    First Steps On The Pathway To Nirvana

    OS X never ships with Java installed anymore.

    If you are one of the unfortunate souls tricked by Satan and ended up in eternal purgatory there is still hope for the redemption of your immortal soul:

    The steps are as follows:

    1. Check for Java Installation using your almighty holy Bash Terminal:

    sudo /usr/libexec/java_home -xml (an output with two JVM dictionaries confirms that Java is installed)

    2. Run the demon spawns uninstaller:

    sudo /usr/libexec/java_home –uninstall

    3. Remove the demon spawns JVM installation location:

    sudo rm -rf /System/Library/Java

    4. Run command from step 1 again (an output starting with "Unable to find any JVMs matching version" confirms that Java is no longer installed.

    5. Say 10,000 hail marys and you might be able to be let out of purgatory.

    ... that is all

    1. Dan 55 Silver badge
      WTF?

      Re: First Steps On The Pathway To Nirvana

      Or you could disable Java in the browser preferences...

  5. Anonymous Coward
    Anonymous Coward

    Mac botnet

    Some Russian security firm reckons they have found a botnet of Macs, established using the Flashback trojan:

    http://news.drweb.com/?i=2341&c=5&lng=en&p=0

    I thought that Macs (unlike Windows systems) were inherently safe and secure and that fruity followers need not worry about such things.

    1. TeeCee Gold badge
      Coat

      Re: Mac botnet

      Hmm, maybe the fanbois are going to have to eat crow over their pooh-poohing of the old "security through obscurity" tag....

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019