Original URL: http://www.theregister.co.uk/2012/04/02/flashback_mac_malware/
Mac Java hole exploited by wild Flashback Trojan strain
Flaw fixed for Windows, Apple fanbois left out
Posted in Security, 2nd April 2012 15:38 GMT
Security watchers have discovered a strain of Mac-specific malware that exploits an unpatched vulnerability in Java.
A variant of the Flashback Trojan exploiting CVE-2012-0507 [1] (a Java vulnerability) has been spotted in the wild, F-Secure warns [2].
Oracle patched the vulnerability for Windows machines in February but is yet to issue a fix for Mac OS X - creating a window of opportunity for virus writers.
F-Secure advises Mac users to disable Java, which isn't needed to surf the vast majority of websites, as explained in an earlier blog post here [3].
Some banking websites mandate the use of Java, in which case security-conscious Mac fanbois can re-enable Java for the duration of their session before turning it off again, the Finnish security firm suggests. ®
