Serge Stikine's stuff


OS X JAVA Vulnerabilities Can Make Your Mac Sick [Updated]

Flashback Trojan: information, how to detect it and how to remove it

As many Mac users already know, we have a severe threat on our hands: the Flashback Trojan. This Trojan was discovered several months ago. Here are some things you need to know to avoid it.

First of all, IF YOU DO NOT USE JAVA but have it installed, disable it or remove it. However, be aware that certain applications only work with Java installed.

DO NOT authorize any unknown requests for system updates or for installing unknown applications. Do not sign applications with self-signed SSL certificates. Remember, installing an unknown application can create a potential security breach and result in losing personal data.

IF YOU ARE NOT SURE OF THE CONSEQUENCES OF YOUR ACTION DO NOT PROCEED FURTHER, STOP IMMEDIATELY.

Please check the Java version you are currently using. To do so, open Terminal (located in the Applications/Utilities folder) and enter the following command: java -version. If the system's response to this command is java version "1.6.0_31", you are up to date.

If you receive any other response, go to the Apple menu, choose Software Update and install all available Java updates.

If you decide to continue using the JRE, please adjust your security settings in Java Preferences. Here are my settings for Java as an example.

Another thing I would strongly recommend is turning on the option in Finder Preferences called "Show all filename extensions." This will allow you to see file extensions and choose which files you want to open.

Finally, if you decide to check whether your system is infected, open Terminal and enter the following line:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

If you get the response "The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist", your system is clean. In all other cases, please download the Flashback malware removal tool from apple.com, mount the disk image, install the removal tool, then execute it.
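The two Terminal checks above, wrapped as a script that interprets their output (an added example, not part of the original post). The function names java_status and safari_status, the --live switch and the sample outputs are constructed for illustration; treating 1.6.0 updates later than 31 as current goes slightly beyond what the post states and is an assumption.

```shell
#!/bin/sh
# Added example, not the post's own code: classifies the output of the two
# Terminal checks above. Samples below are constructed, not real captures.
PATCHED_UPDATE=31    # from the post: java version "1.6.0_31" is up to date

SAMPLE_CLEAN='2012-04-06 19:00:00.000 defaults[123:903]
The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist'
SAMPLE_SUSPECT='{
    "DYLD_INSERT_LIBRARIES" = "/constructed/placeholder/path";
}'

# java_status TEXT -> up-to-date | outdated | unknown
java_status() {
    # Extract the quoted version from a line like: java version "1.6.0_31"
    ver=$(printf '%s\n' "$1" | sed -n 's/^java version "\([^"]*\)".*/\1/p' | head -n 1)
    case "$ver" in
        1.6.0_*)
            upd=${ver#1.6.0_}
            upd=${upd%%[!0-9]*}    # keep leading digits, drop suffixes such as -b04
            if [ -z "$upd" ]; then echo unknown
            # Assumption: later 1.6.0 updates also count as up to date.
            elif [ "$upd" -ge "$PATCHED_UPDATE" ]; then echo up-to-date
            else echo outdated
            fi ;;
        1.6.0|1.[0-5].*) echo outdated ;;
        *) echo unknown ;;         # per the post: go to Software Update
    esac
}

# safari_status TEXT -> clean | suspect
safari_status() {
    case "$1" in
        *"domain/default pair of"*LSEnvironment*"does not exist"*) echo clean ;;
        *) echo suspect ;;         # "all other cases": run Apple's removal tool
    esac
}

if [ "${1:-}" = "--live" ]; then
    # java -version prints to stderr, so capture both streams.
    j=$(java -version 2>&1 || true)
    s=$(defaults read /Applications/Safari.app/Contents/Info LSEnvironment 2>&1 || true)
else
    j='java version "1.6.0_29"'; s=$SAMPLE_SUSPECT    # constructed demo input
fi
echo "Java:   $(java_status "$j")"
echo "Safari: $(safari_status "$s")"
```

Run without arguments it classifies the constructed samples; run with --live on the Mac being checked it executes the two commands from the post.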

 

References:

APPLE.COM
F-Secure

CVE-2012-0507


Written by Stikine

April 6, 2012 at 19:34
