Mac Flashback Trojan Ups Threat to OS X Machines via Unpatched Java Vulnerabilities

April 3, 2012, By Sanjeev Ramachandran

A serious new threat is looming over machines running Mac OS X. The minds behind the Flashback Trojan have updated the malware to exploit a weak spot in the Java software framework on these machines.

The new variant of the Trojan is a potential threat because it can take over the system even when the user does not enter the administrator password. In other words, once it reaches your system, it can get in without your consent.

A Java vulnerability classified as CVE-2012-0507, which is yet to be patched on systems running Mac OS X, is helping the latest variant of the Trojan, named Flashback.k, to hijack the system. What is known so far is that the Trojan can change the contents of web pages when they are displayed on an infected Mac.

Oracle released a fix for it in February, when the threat was first identified, but OS X users are yet to get a security patch to stop this Trojan.

Flashback has a horrendous past. It first surfaced last September, disguised as an Adobe Flash Player installer. New variants then went on the prowl for more victims, with complex features to bypass the default OS X malware protections. They also carried attack code exploiting Java vulnerabilities that had been patched much earlier.

Apple stopped bundling Java with OS X as of version 10.7. Instead, it instructs users to install the Oracle-developed software framework when they load web pages that need it.

Apple has been criticized time and again for its lethargic approach to releasing Java updates for users. For now, if you are on an OS X machine, be careful not to fall victim to Flashback.k.
