
Apple Releases Java Update To Remove Flashback Malware

by MacRumors


Apple just released Java for OS X 2012-003 (http://support.apple.com/kb/HT5242), an update to the Java implementation in OS X. The update removes "the most common variants of the Flashback malware." Interestingly, the update also disables the automatic execution of Java applets and, if automatic execution is re-enabled, will disable it again if no applets have been run for "an extended period of time".

It was reported earlier this week that Apple was in the process of creating software (http://www.macrumors.com/2012/04/10/apple-developing-software-to-remove-flashback-malware/) to remove Flashback. It's been claimed that the Flashback malware infected more than 600,000 Macs (http://www.macrumors.com/2012/04/05/600000-macs-worldwide-reportedly-infected-by-flashback-trojan/) at its peak, though there have been a number of programs created to quickly and easily cleanse infected machines.


This Java security update removes the most common variants of the Flashback malware.

This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.

This update is recommended for all Mac users with Java installed.

For details about this update see: http://support.apple.com/kb/HT5242
The update can be downloaded via Software Update. A separate Java for Mac OS X 10.6 Update 8 (http://support.apple.com/kb/DL1516) is available for users on Mac OS X Snow Leopard.

Article Link: Apple Releases Java Update to Remove Flashback Malware (http://www.macrumors.com/2012/04/12/apple-releases-java-update-to-remove-flashback-malware/)

  • I thought that Apple didn't get viruses?
    - MultiMediaWill, 2 years ago
  • I thought that Apple didn't get viruses?

    All computers are susceptible to viruses... even iOS devices. Macs don't get as many viruses because Windows is more "popular" and is used in huge corporations, where information is very valuable. Hackers target them. Apple does try hard to keep OS X virus free though, including adding in an automatically updating safe list for some virus that was causing problems last year.
    - jackhdev, 2 years ago
  • I thought that Apple didn't get viruses?

    You're the exact type of user this update was released for.
    - daneoni, 2 years ago
  • link to the support page doesn't seem to work?
    - Sky Blue, 2 years ago
  • let the big boys handle this one (about time)
    - charlieegan3, 2 years ago
  • Even though none of the machines I know of are infected, this is still good to download and run.
    - alphaod, 2 years ago
  • link to the support page doesn't seem to work?

    i can confirm that.
    - charlieegan3, 2 years ago
  • Finally a solution to this Flashback. Although I don't have it, I'm glad my Mac community is protected from these things!
    :D

    Macbook Pro 17" 2.4ghz 120SSD/ Macbook Pro 15" 2.4ghz 750HD/ Iphone 4s
    Apple Tv/ Ipad 2 :apple::apple::apple:
    - SMOHKK85, 2 years ago
  • i can confirm that.
    Same here. 404 error.
    - toronado455, 2 years ago
  • I thought that Apple didn't get viruses?

    i hope that was a joke, try a smiley face to get that across next time.
    - charlieegan3, 2 years ago
  • I'd rather use virus scanning on a Mac than a PC.
    - Revearti, 2 years ago
  • Something satisfying about installing updates!:D
    - Santabean2000, 2 years ago
  • This Java security update removes the most common variants of the Flashback malware.

    So does that mean we still need to run the previous update in order to patch Java? What if your computer is NOT infected? What does this update do in that case? Does this update exist for users of earlier versions of OSX such as Tiger?
    - toronado455, 2 years ago
  • I got this trojan through the Java vulnerability. It infected my Mac Pro. I was not aware of it until I read the news stories about it last week. I removed it, and found parts of it had infected two other files on my Mac. Thanks to Little Snitch that was recommended to me after I was infected, which found these variants still "lurking."

    I am glad to have gotten rid of it... I will install this update just to be sure it is all gone.
    - adamw, 2 years ago
  • I thought that Apple didn't get viruses?

    This isn't a virus. And it's estimated that less than one percent of Macs had the trojan. The OS was in no way affected, it relates to third party software which is being dropped by Apple.
    - nelmat, 2 years ago
  • I thought that Apple didn't get viruses?
    Troll much?

    You can't honestly be stupid enough to not know the difference between a Trojan horse and a virus.
    - gmcalpin, 2 years ago
  • I thought that Apple didn't get viruses?
    It's not a virus. Educate yourself: Mac Virus/Malware FAQ (http://guides.macrumors.com/Mac_Virus/Malware_FAQ)
    - GGJstudios, 2 years ago
  • The update is not showing up for me yet?
    - iCaleb, 2 years ago
  • All computers are susceptible to viruses... even iOS devices. Macs don't get as many viruses because Windows is more "popular" and is used in huge corporations, where information is very valuable. Apple does try hard to keep OS X virus free though, including adding in an automatically updating safe list for some virus that was causing problems last year.

    Is Flashback a virus? It's malware, but is it a self-propagating virus? And it's not true that Macs have fewer viruses because Windows is "more popular". OS X is inherently more secure, but as Flashback proves, it's not 100% bulletproof. But as Apple has proven with this update, the good design of OS X allows them to protect users, even after an incident arises.
    - coolfactor, 2 years ago
  • All computers are susceptible to viruses... even iOS devices. Macs don't get as many viruses because Windows is more "popular" and is used in huge corporations, where information is very valuable. Apple does try hard to keep OS X virus free though, including adding in an automatically updating safe list for some virus that was causing problems last year.

    While you are partially correct, you are also wrong. You see, UNIX is protected by magical fairies and it inherently makes me post things when my body is compromised by sleep-loss.

    There is a member here with a link to a page explaining the entire detailed information in their signature here on MR. Anyone who can post that link here would be my hero.
    - coder12, 2 years ago
  • So does that mean we still need to run the previous update in order to patch Java? What if your computer is NOT infected? What does this update do in that case? Does this update exist for users of earlier versions of OSX such as Tiger?

    It's generally recommended to install all updates that become available. Letting a system fall behind on updates is only asking for trouble.
    - coolfactor, 2 years ago
  • Is Flashback a virus? It's malware, but is it a self-propagating virus? And it's not true that Macs have fewer viruses because Windows is "more popular". OS X is inherently more secure, but as Flashback proves, it's not 100% bulletproof. But as Apple has proven with this update, the good design of OS X allows them to protect users, even after an incident arises.

    It's both popularity AND inherent security. :rolleyes:
    - Codyak, 2 years ago
  • That's weird. For some reason on one of my Macs this update won't come up.
    - reclusive46, 2 years ago
  • This isn't a virus. And it's estimated that less than one percent of Macs had the trojan. The OS was in no way affected, it relates to third party software which is being dropped by Apple.

    1% is large for penetration of malware/Trojan type nasties. The most widespread attack for PCs is around this level

    When the story grew large, Apple acted quickly but they should have done so when they were alerted that the vulnerability existed some months ago

    It has been reported that just having ClamXav or similar installed was enough for the malware to delete itself if it was downloaded. It's the only protection I currently use and mainly for downloads
    - bassanoclapper, 2 years ago
  • That's weird. For some reason on one of my Macs this update won't come up.

    Maybe the update will only show up on infected macs.
    - iCaleb, 2 years ago
  • The update also disables automatic java applets from being executed, which is a very good thing.

    In my opinion all plugins should get the same treatment and not run automatically, Flash included. That is somewhat inconvenient for some websites, but most extensions which allow this kind of blocking also allow whitelists and enabling the plugins on a case-by-case basis simply clicking the placeholder.

    A small price to pay, but a huge security improvement.
    - bsolar, 2 years ago
  • Well, can report that the update works (or appears to) as after installing on one of my computers, I received a pop up message advising that malware (flashback) was found and removed.
    - tbayrgs, 2 years ago
  • Wow, even after running the terminal script to see if I had the trojan and it telling me my Mac was clean, this update found and removed the Flashback trojan

    http://on.fb.me/IbZPFf
    - roosta, 2 years ago
  • That's weird. For some reason on one of my Macs this update won't come up.

    The update is relevant only if you have Java. Maybe on that machine you don't have Java installed in the first place?
    - bsolar, 2 years ago
  • You're the exact type of user this update was released for.

    I bet there are far more users of this type than you'd think. Not every mac user is an 'enthusiast.'
    - svenn, 2 years ago
  • From the OP:
    "Users may re-enable automatic execution of Java applets using the Java Preferences application."
    So where do I find the Java Preferences application? It doesn't show up in Safari preferences or in the Applications folder. I'm running SL 10.6.8. Thanks.
    - Morod, 2 years ago
  • So where do I find the Java Preferences application? It doesn't show up in Safari preferences or in the Applications folder. I'm running SL 10.6.8. Thanks.
    Do you have Java installed? Have you looked in the /Applications/Utilities folder?
    - GGJstudios, 2 years ago
  • Wow, even after running the terminal script to see if I had the trojan and it telling me my Mac was clean, this update found and removed the Flashback trojan

    Image (http://on.fb.me/IbZPFf)

    Not surprised that you were still infected. I was also still infected by 2 hidden program files, even after removing the trojan according to the F-Secure published removal instructions. I recommend you use "Little Snitch" to find any rogue programs on your Mac that attempt to send info out on the Internet without your permission. That is how I found the trojan's infected files on my Mac, even after the trojan was supposedly "fully removed."
    - adamw, 2 years ago
  • This isn't a virus. And it's estimated that less than one percent of Macs had the trojan.
    One percent is however a large number for a trojan. Even widespread worms like Conficker reached estimates of 'only' 9 million, which when one considers the hundreds upon hundreds of millions of Windows machines in service - is a rather small percentage for a malware that is capable of direct non-intervention machine-to-machine propagation. And it in addition used 'trusted' machine distribution and spreading through infected media devices. (USB sticks in particular) In comparison, Flashback is an unsophisticated and very basic piece of malware.

    The removal tools that Windows Update regularly distributes though recorded only 1.7 million infections. (It won't of course count infections already removed by other software)

    Bear in mind that 1% infection rate of Windows 7 machines alone means some 5 million infections, and it's quite likely only Zeus, a very well known and well developed series of trojans (which is regularly sold to 'underground investors'), exceeds that percentage.
    - Exhale, 2 years ago
  • While you are partially correct, you are also wrong. You see, UNIX is open sourced, so that means there are people constantly finding bugs in it and pointing out errors within it. Also the fact that Mac OS by default has its ports closed vs. windows leaving them open by default adds another layer of security to the system.

    There is a member here with a link to a page explaining the entire detailed information in their signature here on MR. Anyone who can post that link here would be my hero.

    This guy?

    http://forums.macrumors.com/showpost.php?p=13699396&postcount=85
    - djrod, 2 years ago
  • Not surprised that you were still infected. I was also still infected by 2 hidden program files, even after removing the trojan according to the F-Secure published removal instructions. I recommend you use "Little Snitch" to find any rogue programs on your Mac that attempt to send info out on the Internet without your permission. That is how I found the trojan's infected files on my Mac, even after the trojan was supposedly "fully removed."
    If you had Little Snitch installed, you shouldn't have been infected, anyway. That's one of the apps the trojan looked for and if it found it, it would uninstall itself.
    - GGJstudios, 2 years ago
  • ~snip~ OS X is inherently more secure ~snip~

    Eh, I think that's true within reason. People assume though because they're on a mac that they're more secure. Maybe to a point, but because of that, people would tend to fall into traps a little easier since they'll always assume they're on a secure platform. They'll take risks, sometimes unknowingly, that people on the Windows platform won't take. (I know, some of you guys won't, but there's a lot of novice consumers out there)

    I remember on windows, I remember before viruses got really insane. I remember being able to surf the internet without worrying about malware and other junk that secretly installed itself. I've fallen into those traps and didn't make that mistake again. Those are the same sort of faults that helped this slice of code get around.

    I'm not sure OS X would ever erupt with the sort of widespread virus problems that Windows has though. Especially as they wall in their garden. iOS is a great example. The tight control they maintain helps prevent a lot of nasty stuff from getting through.
    - Josheh, 2 years ago
  • If you had Little Snitch installed, you shouldn't have been infected, anyway. That's one of the apps the trojan looked for and if it found it, it would uninstall itself.

    I did not know about Little Snitch until after I was initially infected, and had already "removed" the trojan. Some forum member told me about it, and recommended that I install it, just to be sure. I am glad I did, as I still had 2 files infected by the trojan lurking on my Mac. There is no telling how much personal info was stolen from my Mac by this trojan. I have since changed my online passwords.
    - adamw, 2 years ago
  • I did not know about Little Snitch until after I was initially infected,
    That explains it!
    I have since changed my online passwords.
    Very wise!
    - GGJstudios, 2 years ago
  • And I just found out that I had flashback. Nice.
    - Fraaaa, 2 years ago
  • Since I do not use or need Java for my usage, I have not got it installed, am sensible about where and how I surf, and am thus not infected.

    In addition to this, I have not had the updates because the runtime isn't installed on my computer - I have also disabled it in Safari's security settings pane.
    - joelovesapple, 2 years ago
  • So the main difference between this and the 2012-002 update that I installed a few days ago is that this will actually remove the malware (which I don't have)?

    And once again, users of Leopard and earlier OS versions are on their own.
    - Eric S., 2 years ago
  • They are moving fast.
    - Michaelgtrusa, 2 years ago
  • They are moving fast.

    You mean Apple? Yeah, once it became big news, about two months after Oracle released a fix for it.
    - Eric S., 2 years ago
  • So the main difference between this and the 2012-002 update that I installed a few days ago is that this will actually remove the malware (which I don't have)?

    And once again, users of Leopard and earlier OS versions are on their own.

    Get LittleSnitch, and/or any of the free anti-malware solutions available.
    - pooprscooper, 2 years ago
  • Get LittleSnitch, and/or any of the free anti-malware solutions available.
    You don't even have to do that.

    If you're on Leopard or earlier and are running MS Office 2008 or 2011 or Skype, you're protected.
    If you have Java disabled in Safari, you're protected.
    If you simply type the following into Terminal, you're protected:
    touch /Applications/ClamXav.app
    - GGJstudios, 2 years ago
  • OS X is inherently more secure, but as Flashback proves, it's not 100% bulletproof.

    It's your fault, if you enable plugins which you do not need, such as the Java web browser plugin. Enabled plugins require (waste) additional resources and increase the security risks for you.

    That is the reason why I use Firefox (http://www.mozilla.org/en-US/firefox/all.html), all plugins disabled if I do not need them, Adblock Plus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/) and NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/) Add-ons with the correct configuration.

    You might not like the message, but you are responsible for your own security, not some company like Apple.
    - Mr. Retrofire, 2 years ago
  • Ok so on my iMac I never had java installed, so I know I'm good. On my MacBook I have MS Office 2008 so I know I'm good. However, my PPC iMac running leopard has java installed and it was enabled in safari up until recently. I ran the 2 commands in terminal and came up clean. Now I am hearing it may still not be clean? Is there a way to check without any extra software?
    - Roc P., 2 years ago
  • And once again, users of Leopard and earlier OS versions are on their own.
    Correct, and enough tools to protect you exist (including your brain).

    ----------

    I ran the 2 commands in terminal and came up clean. Now I am hearing it may still not be clean? Is there a way to check without any extra software?
    Yes, the Terminal commands on several websites can help you. It is probably faster, if you use these tools:
    http://www.macupdate.com/find/mac/flashback

    Btw:
    http://www.kaspersky.com/downloads/free-antivirus-tools
    - Mr. Retrofire, 2 years ago
  • I like the security feature of not allowing java apps to run automagically. Oh-so-Apple-like way of enhancing security.

    I spoze a full sandbox option is due in the next OS release.
    - narutokun, 2 years ago
  • Correct, and enough tools to protect you exist (including your brain).

    ----------


    Yes, the Terminal commands on several websites can help you. It is probably faster, if you use these tools:
    http://www.macupdate.com/find/mac/flashback

    Btw:
    http://www.kaspersky.com/downloads/free-antivirus-tools

    Thanks for the info. Not too keen on installing any extra software though. We'll see.
    - Roc P., 2 years ago
  • I heard that Apple stopped producing their own versions of java? is that true?
    - dacoolest, 2 years ago
  • Dude, I ran the update and it said it was "detected and removed". WTF!!!!
    - tjcampbell, 2 years ago
  • I heard that Apple stopped producing their own versions of java? is that true?
    Obviously not, since they just issued an update for Java.
    - GGJstudios, 2 years ago
  • I was under the impression that several key tools like Google Docs run in Java.

    If so, now what?
    - ixodes, 2 years ago
  • Is Flashback a virus? It's malware, but is it a self-propagating virus? And it's not true that Macs have fewer viruses because Windows is "more popular". OS X is inherently more secure, but as Flashback proves, it's not 100% bulletproof. But as Apple has proven with this update, the good design of OS X allows them to protect users, even after an incident arises.

    I was replying to someone else asking if Macs can get viruses. I wasn't talking about malware. But yes, OS X is very secure and I really like it. However Windows has many, many more viruses because it is more popular. It seems that every time a Mac gets any type of malware or virus it makes headlines. That is not true with Windows. Why target something that is 10x smaller than something else (http://www.hongkiat.com/blog/mac-vs-pc-myth-busting-consumer-guide/)?

    I really like Mac, and it's the only operating system I use, but that's why.
    - jackhdev, 2 years ago
  • Get LittleSnitch, and/or any of the free anti-malware solutions available.

    Yeah, that's what I mean by "on their own." Apple is leaving those users on their own.

    Correct, and enough tools to protect you exist (including your brain).

    For me, no problem. But many users have no clue on how to handle something like this. Even instructions from Apple on approved third-party solutions would be better than nothing.
    - Eric S., 2 years ago
  • Obviously not, since they just issued an update for Java.

    Does that mean we cannot run the non-Apple version of Java on a Mac? Did Apple recently make any changes regarding the process of installing Java on a new Lion installation?

    I have this faded memory that I once had to install java in a different way after reinstalling Lion
    - dacoolest, 2 years ago
  • Yeah, that's what I mean by "on their own." Apple is leaving those users on their own.
    It's quite common for developers to stop supporting older OS versions. While the time frame or number of "generations" may vary, they all do the same thing.

    Microsoft Support Lifecycle (http://support.microsoft.com/lifecycle/?ln=en-gb&c2=1173)
    - GGJstudios, 2 years ago
  • I was under the impression that several key tools like Google Docs run in Java.

    If so, now what?

    Are you confusing Javascript with Java? Apart from the name, there is no connection between the two and it's Javascript that Google Docs makes heavy use of in the browser
    - Phil A., 2 years ago
  • It's quite common for developers to stop supporting older OS versions. While the time frame or number of "generations" may vary, they all do the same thing.

    And in Apple's case, that window is now very small. But official support is one thing, and just a little helpful suggestion is something else that would not seem unwarranted in a case like this.
    - Eric S., 2 years ago
  • And in Apple's case, that window is now very small. But official support is one thing, and just a little helpful suggestion is something else that would not seem unwarranted in a case like this.
    I completely agree. I wish the support window was longer for Leopard.
    - GGJstudios, 2 years ago
  • Are you confusing Javascript with Java? Apart from the name, there is no connection between the two and it's Javascript that Google Docs makes heavy use of in the browser
    True, I had a moment of brain fade. Thanks for correcting me :)
    - ixodes, 2 years ago
  • Also the fact that Mac OS by default has its ports closed vs. windows leaving them open by default adds another layer of security to the system.

    Before making statements like this, perhaps you should look at the current release of Windows.

    Very few ports are open by default.
    - AidenShaw, 2 years ago
  • If you simply type the following into Terminal, you're protected:
    touch /Applications/ClamXav.app

    i just did this and got this

    adams-MacBook:~ abucci$ touch /Applications/ClamXav.app
    touch: /Applications/ClamXav.app: Permission denied

    am i doing something wrong?
    - roosta, 2 years ago
  • Before making statements like this, perhaps you should look at the current release of Windows.

    Very few ports are open by default.

    Usually the phrase you're quoting is preceded by "the first thing you should do on any new installation is to turn off Windows Firewall. It doesn't do anything, and just bothers you all the time".
    - Renzatic, 2 years ago
  • i just did this and got this

    adams-MacBook:~ abucci$ touch /Applications/ClamXav.app
    touch: /Applications/ClamXav.app: Permission denied

    am i doing something wrong?
    Are you logged in as an admin user?
    - GGJstudios, 2 years ago
  • Dude, I ran the update and it said it was "detected and removed". WTF!!!!

    Yeah, me too! Right after the update, it showed a little window that said the malware had been detected and removed... or something along those lines. I hope that's a good thing, but I'd like someone else to confirm they saw a pop-up like this on their computer after they downloaded the update.
    - bungiefan89, 2 years ago
  • Couldn't an infected machine be updated remotely to be capable of killing anything known to remove it?
    - mentaluproar, 2 years ago
  • Couldn't an infected machine be updated remotely to be capable of killing anything known to remove it?
    There's nothing in this malware that can do that.
    - GGJstudios, 2 years ago
  • Are you logged in as an admin user?


    yes. any ideas?
    - roosta, 2 years ago
  • Yeah, me too! Right after the update, it showed a little window that said the malware had been detected and removed... or something along those lines. I hope that's a good thing, but I'd like someone else to confirm they saw a pop-up like this on their computer after they downloaded the update.

    Same thing here, funny part is I checked for it prior to the update and I wasn't infected, so now I'm confused
    - Cdaddy112, 2 years ago
  • Yeah, me too! Right after the update, it showed a little window that said the malware had been detected and removed... or something along those lines. I hope that's a good thing, but I'd like someone else to confirm they saw a pop-up like this on their computer after they downloaded the update.

    I also got this pop up, even after having checked via Terminal if I had been infected as various blogs suggested. Terminal showed nothing.
    - HelveticaNeue, 2 years ago
  • There's nothing in this malware that can do that.

    That's irrelevant. It's part of a botnet, which means an update could be spread to all infected macs to grant it that ability to kill processes.
    - mentaluproar, 2 years ago
  • So, Apple released a Java VM update that disables Java. And then re-disables it if the user actually wants to use it. I thought the Java JRE 6_31 build closed the security hole, so why would Apple need to lock down Java?
    - Riemann Zeta, 2 years ago
  • Usually the phrase you're quoting is preceded by "the first thing you should do on any new installation is to turn off Windows Firewall. It doesn't do anything, and just bothers you all the time".

    In other words, remove the blade guards and still blame Windows if you chop off your fingers?
    - AidenShaw, 2 years ago
  • So, Apple released a Java VM update that disables Java. And then re-disables it if the user actually wants to use it. I thought the Java JRE 6_31 build closed the security hole, so why would Apple need to lock down Java?

    Common sense. If you don't use any Java apps for over a month, it's unlikely you're going to need to use them at all, so disabling it after that period makes perfect sense. This reduces the possibility that a future Java trojan of a different kind can attack unsuspecting users. If you're using Java regularly, this won't be a problem.
    - Negritude, 2 years ago
  • Ran that Russian site test, found no malware.

    When I got the Apple software update message, the Adobe Reader update popped up behind it. I selected "remind me later" and it disappeared like it should, but the Apple update failed due to possible corruption, according to the window.

    The second attempt did not activate the Adobe message and was successful. It found and deleted the malware. Yikes.

    Now I can get Google sites like maps, etc, something that used to bring up that Error 303 message and only worked with Firefox.

    Maybe that Adobe update was a last ditch effort to squirm in? Very suspicious.

    Anyone else experience this pattern?
    - carlgo, 2 years ago
  • I heard that Apple stopped producing their own versions of java? is that true?

    They're not producing any new versions of Java, but they're still maintaining the existing version of Java.

    When Mountain Lion drops, the OpenJDK project will take over and provide Java for OS X.
    - Negritude, 2 years ago
  • I'm stuck at "waiting for other installations to complete"
    - SilverOnemi, 2 years ago
  • Ran that Russian site test, found no malware.

    When I got the Apple software update message, the Adobe Reader update popped up behind it. I selected "remind me later" and it disappeared like it should, but the Apple update failed due to possible corruption, according to the window.

    The second attempt did not activate the Adobe message and was successful. It found and deleted the malware. Yikes.

    Now I can get Google sites like maps, etc, something that used to bring up that Error 303 message and only worked with Firefox.

    Maybe that Adobe update was a last ditch effort to squirm in? Very suspicious.

    Anyone else experience this pattern?

    While it might have been related, there in fact was a security update for Adobe Reader a couple of days ago, and that prompt to notify you of it and install it might have just coincided with the Apple update check. Here's the Adobe Reader update info: http://www.esecurityplanet.com/patches/adobe-releases-security-updates-for-reader-acrobat.html.
    - C DM, 2 years ago
  • Ran that Russian site test, found no malware.

    When I got the Apple software update message, the Adobe Reader update popped up behind it. I selected "remind me later" and it disappeared like it should, but the Apple update failed due to possible corruption, according to the window.

    The second attempt did not activate the Adobe message and was successful. It found and deleted the malware. Yikes.

    Now I can get Google sites like maps, etc, something that used to bring up that Error 303 message and only worked with Firefox.

    Maybe that Adobe update was a last ditch effort to squirm in? Very suspicious.

    Anyone else experience this pattern?

    That was pure coincidence. Glad to hear you have a clean system now!

    (The malware's MO was to inject into Google)
    - drspringfield, 2 years ago
  • Installed the update and it removed the malware from my computer. Thanks Apple!
    - Actual Size, 2 years ago
  • I had the malware, did that cause Safari to close every 30 minutes? :confused:
    - iKrl, 2 years ago
  • I had the malware, did that cause Safari to close every 30 minutes? :confused:

    Yes, most likely.
    - drspringfield, 2 years ago
  • I bet there are far more users of this type than you'd think. Not every mac user is an 'enthusiast.'

    Haha, I can't resist! - I know, enthusiasts build their own PCs!
    - gotluck, 2 years ago
  • Well that was short lived, if only ms :Dwindows was this simple... :D
    - kiljoy616, 2 years ago
  • This guy?

    http://forums.macrumors.com/showpost.php?p=13699396&postcount=85

    Nope, although he does have a lot of good links in that post! When I have time I'll need to read the info he posted.

    Before making statements like this, perhaps you should look at the current release of Windows.

    Very few ports are open by default.

    You're right; I was hoping to find the link to the article on my statement that describes it all in detail, but you're still correct :)
    - coder12, 2 years ago
  • Who didn't get the warning that you had it and were cleaned? My Mac was completely clean (so I thought) and had full updated scan ran after Update 7 had all Java turned off as well. So either Apple's installer is placebo and too self congratulatory or most info on the flashback was BS and definitions were not updated till yesterday with all major AV vendors failing? Find it hard and scary to believe.
    - derbothaus, 2 years ago
  • This still doesn't come up for me in software update......can I download it from apple directly?
    - BIS2, 2 years ago
  • Yes, typically Apple takes several hours to post the standalone installer at their support website (support.apple.com).

    In any case, here is the page with the link...

    http://support.apple.com/kb/DL1515
    - cvaldes, 2 years ago
  • I got this trojan through the Java vulnerability. It infected my Mac Pro. I was not aware of it until I read the news stories about it last week. I removed it, and found parts of it had infected two other files on my Mac. Thanks to Little Snitch that was recommended to me after I was infected, which found these variants still "lurking."

    I am glad to have gotten rid of it... I will install this update just to be sure it is all gone.

    Where did you get the trojan from?

    ----------

    Haha, I can't resist! - I know, enthusiasts build their own PC's!

    I considered that, but it ended up being more expensive than buying a PC pre-built. Some CPUs cost more alone than they do inside of a Dell!
    - faroZ06, 2 years ago
  • Yes, typically Apple takes several hours to post the standalone installer at their support website (support.apple.com).

    In any case, here is the page with the link...

    http://support.apple.com/kb/DL1515

    That one goes to an update from 4/3......I'll look in the morning though. Thanks.
    - BIS2, 2 years ago
  • Do you have Java installed? Have you looked in the /Applications/Utilities folder?

    Thanks, found it there. I've had Java disabled in Safari for a long time now, but never knew where Java prefs were.
    - Morod, 2 years ago
  • Well that was short lived, if only ms :D windows was this simple... :D

    It is, at least for those of us who are not haters :)

    It's just a computer. No more, no less.
    - ixodes, 2 years ago
  • That's irrelevant. It's part of a botnet, which means an update could be spread to all infected macs to grant it that ability to kill processes.
    It's not irrelevant. If it's removed, it's no longer part of the botnet. There is no way for any "update" to reinstall the malware once it's removed.
    - GGJstudios, 2 years ago
  • Me too, strange.

    I also got this pop up, even after having checked via Terminal if I had been infected as various blogs suggested. Terminal showed nothing.
    - tonyl, 2 years ago
  • FYI, on my mini with Snow Leopard I just checked Software Update which has Java for Mac OS X 10.6 Update 8, for those who haven't updated to Lion yet.

    I decided to just remove Java entirely, instead.
    - John.B, 2 years ago
  • Me too, strange.

    Unfortunately, the common instructions became obsolete several days ago (clearly the intention of the authors).
    - drspringfield, 2 years ago
  • In other words, remove the blade guards and still blame Windows if you chop off your fingers?

    Pretty much, yeah. :P
    - Renzatic, 2 years ago
  • It says all Macs with Java installed.

    But my 10.5 has nothing new. So Leopard: no update. I don't know about Snow Leopard.
    - Floris, 2 years ago
  • Nice but why is it 66mb?

    Edit: Because it contains a new version of Java. Ignore me heh.
    - dannytip, 2 years ago
  • Do I need to change all my passwords?
    - Daze & Confuse, 2 years ago
  • It says all Macs with Java installed.

    But my 10.5 has nothing new. So Leopard: no update. I don't know about Snow Leopard.

    SL got a Java 8.0 update
    - AlexBerkman, 2 years ago
  • Yeah, me too! Right after the update, it showed a little window that said the malware had been detected and removed... or something along those lines. I hope that's a good thing, but I'd like someone else to confirm they saw a pop-up like this on their computer after they downloaded the update.

    Exactly the same happened for me, even though I checked last week using the Terminal method and appeared to be clear.
    - judgejohn82, 2 years ago
  • I have Xcode installed (one of the things that apparently stopped the installation of the trojan), and I'd checked in terminal a few times over the last few days to see if I had it - all came up clean.

    Now when I installed the java/security update it says flashback was 'found and removed', should I be worried?
    Should I be running to change all my passwords?

    Jesus christ, this is like going back to the bad old days of constant reinstallations on my PC when I got malware.

    I can't believe I got infected, I'm the most careful, paranoid guy out there - I've never visited any 'dodgy' sites and only install updates from vendor sites - ie adobe.com for flash etc.


    Sigh... :(
    - andymac2210, 2 years ago
  • You're the exact type of user this update was released for.

    I thought OS X has had trojans, malware and other nasties in the past. But no viruses. As far as I know. But I do know OS X can be infected still by various nasties. A lot less than windows cause of OS X base structure but even OS X is not impenetrable.
    - the8thark, 2 years ago
  • You can also use this site to check if you have/had the virus.

    http://www.flashbackcheck.com/
    - andymac2210, 2 years ago
  • You don't even have to do that.

    If you're on Leopard or earlier and are running MS Office 2008 or 2011 or Skype, you're protected.
    If you have Java disabled in Safari, you're protected.
    If you simply type the following into Terminal, you're protected:
    touch /Applications/ClamXav.app

    I installed the update and had the message that it removed the malware from my computer even though I have MS Office 2008 installed?
    - Eric2, 2 years ago
  • You can also use this site to check if you have/had the virus.

    http://www.flashbackcheck.com/

    When I check this site AFTER having run the Apple update earlier, it still says my Mac is affected...
    - judgejohn82, 2 years ago
  • I installed the update and had the message that it removed the malware from my computer even though I have MS Office 2008 installed?

    This Flashback trojan has several variants, some of which were recently released. The "Terminal removal detection and removal instructions" and the list of programs that the trojan would refuse to install upon detecting is outdated in my opinion, as confirmed by so many people that thought "they were clean" of this trojan, yet Apple's latest Java update notified them that it had detected and removed the Flashback trojan code.

    New variants of this trojan seem to be installing regardless of what other programs are on the user's Mac, and seem to be hiding themselves from being removed and/or detected by the Terminal Trojan Removal Instructions that previously had been released by F-Secure and others.

    I had this trojan when it first came out, and it exploited the Java vulnerability to get into my Mac without me knowing about it. I started seeing strange things happening in the background (like a lot of data transfer being reported by my ISP) even after I followed the Terminal Removal instructions from F-Secure.

    Someone suggested I install "Little Snitch" which monitors and reports on any program out of the ordinary trying to send data out onto The Internet from my Mac. I installed "Little Snitch" and it reported that several Flashback trojan programs masquerading as hidden files and/or configuration files for valid Mac apps were trying to send data out to strangely named botnet servers without my consent. I Googled the domains they were trying to access and the filenames the trojan was masquerading as, and found on Apple discussion forums that others were seeing the same trojan behavior with these infected files and botnet domains/websites.

    I manually removed these trojan infected hidden files and configuration files, and have had no more problems reported by Little Snitch. Also Apple's latest Java update did not report that it found any traces of this Flashback trojan on my Mac, when I installed it, unlike many other people who reported that the update said that it had removed infected Flashback files from their system.

    So I believe that every Mac user running Lion should install Apple's latest Java update (for Lion), and all Mac users should install the Little Snitch app (which runs for 3 hours free in demo mode). It can be restarted after 3 hours as many times as necessary. This way you should detect if any remnants of this trojan are trying to run and contact their command and control botnet servers.

    All Mac users should also verify that Java is disabled from running in Safari's Security Preferences panel, as an extra precaution.

    Hope this helps...
    - adamw, 2 years ago
  • Has this update killed anyone's Black Macbook 4,1 other than mine? My display worked fine before install, but after install, my display gets about 98% dim. The screen will be bright, then go dim. The only way to restore the brightness is to put the computer to sleep and wake it up, or to use the F1 and F2 keys to dim it all the way first and then brighten. This is clearly a software issue and not a hardware issue. Based on how the dimming and restoration works, as well as the timing of the install, it has to be caused by this Java update.

    Anyone else?
    - hodgjy, 2 years ago
  • Hope this helps...

    Thanks Adam.
    - Eric2, 2 years ago
  • I am wondering about something:

    I have an iMac running Lion and a MacBook running Lion. Both do not have Java installed, but did have Java enabled in Safari up until recently. I ran the terminal codes and came up clean. I have also not noticed any unusual behavior. I am under the impression that by never having Java installed that I could not have gotten this Trojan. What I am unclear of is that although I don't have Java installed, can the fact that I had Java enabled in Safari previously still have caused me to get this Trojan? Any info is appreciated.

    I also have a PPC iMac running Leopard which has Java installed by default and had Java enabled in Safari up until recently. I ran the terminal codes on it and came up clean. There hasn't been any odd behavior although I am still wary of assuming I am ok.

    Since there are a few variants of this Trojan, is there anything I can do that doesn't involve installing software to check if I have this Trojan? Again, if I never had Java installed on my 2 Macs running Lion but had Java enabled in Safari could those 2 machines still have been infected?

    On my PPC iMac running Leopard I noticed that when I disabled Java in Java Preferences in Utilities certain websites like Gmail weren't working properly. So I had to leave it enabled but I disabled it in Safari.

    I have also enabled my firewalls and changed my DNS to OpenDNS and disabled Java in Safari on all my Macs. Even though none of my Macs are acting any differently I would still like to know what else I can do to officially know if any of my Macs have this Trojan. Sorry for such a long post and if I sound confusing. Any help/advice/suggestions/feedback is appreciated, thank you.
    - Roc P., 2 years ago
  • You see, UNIX is open sourced

    It is ? News to me. What UNIX are you talking about exactly ?

    ----------

    inherent security. :rolleyes:

    There's nothing "inherent" about OS X as far as security goes. In fact, OS X compromises on security in quite a few areas (especially filesystem ACLs) for convenience's sake.

    ----------

    Obviously not, since they just issued an update for Java.

    What Apple said they would stop is at producing a version of Java 7 and beyond. They left that up to Oracle, and the project is underway under the OpenJDK banner :

    http://openjdk.java.net/projects/macosx-port/

    They however still maintain their J2SE 6 implementation.
    - KnightWRX, 2 years ago
  • You don't even have to do that.
    If you're on Leopard or earlier and are running MS Office 2008 or 2011 or Skype, you're protected.


    I wish people would quit propagating this.

    Yes, you are protected from this specific variant, but there is no inherent protection in having them installed. For whatever reason this variant chose not to install itself if those apps were present. The next variant may not.

    Telling people they're protected and therefore don't need other tools, is negligent.
    - NakedPaulToast, 2 years ago
  • Yes, you are protected from this specific variant, but there is no inherent protection in having them installed. For whatever reason this variant chose not to install itself if those apps were present. The next variant may not.
    You are absolutely correct. I should have been more specific. If you have any of those apps installed you are inadvertently protected against this variant, but there is nothing about those apps that provides defense against malware. It just happened that this particular trojan uninstalled itself if it found a path to one of those apps present.... it didn't even require that the app be installed.... only that the path existed. There is no assurance that having any particular app installed, including any antivirus app, will protect you from future variants or other future malware. Thanks for pointing that out!
    - GGJstudios, 2 years ago
  • although I don't have Java installed, can the fact that I had Java enabled in Safari previously still have caused me to get this Trojan?

    The "Enable Java" setting in Safari Preferences doesn't install Java if you don't have it on your system. It only enables it in Safari if it is installed. If you don't have Java on your system, you couldn't get this trojan unless you entered your admin password to allow it.

    On my PPC iMac running Leopard I noticed that when I disabled Java in Java Preferences in Utilities certain websites like Gmail weren't working properly. So I had to leave it enabled but I disabled it in Safari.

    You don't need to disable Java in Java preferences. You only need to disable it in Safari preferences. Websites like Gmail will work perfectly fine with Java disabled in Safari.

    I have also enabled my firewalls and changed my DNS to OpenDNS and disabled Java in Safari on all my Macs. Even though none of my Macs are acting any differently I would still like to know what else I can do to officially know if any of my Macs have this Trojan.

    For any Mac running Snow Leopard or Lion, apply the Java updates by running the Software Update utility. For Macs running Leopard, follow the detection and removal instructions (http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml) provided by F-Secure.
    - GGJstudios, 2 years ago
  • When I check this site AFTER having run the Apple update earlier, it still says my Mac is affected...

    That website is just a lookup to their database of affected UUIDs. If your system has ever contacted their sinkhole, it will always be listed as affected, even when it's been cleaned. So nothing to worry about.
    - drspringfield, 2 years ago
  • The "Enable Java" setting in Safari Preferences doesn't install Java if you don't have it on your system. It only enables it in Safari if it is installed. If you don't have Java on your system, you couldn't get this trojan unless you entered your admin password to allow it.

    You don't need to disable Java in Java preferences. You only need to disable it in Safari preferences. Websites like Gmail will work perfectly fine with Java disabled in Safari.

    For any Mac running Snow Leopard or Lion, apply the Java updates by running the Software Update utility. For Macs running Leopard, follow the detection and removal instructions (http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml) provided by F-Secure.

    Cool, thanks for the info. I didn't have any Java updates through the software Update utility on any of my Macs. It should be due to the fact that I don't have Java installed on my systems running Lion and my PPC running Leopard isn't supported by this update. I also don't recall any instances that I was asked for my admin password that seemed out of the ordinary. I ran the codes in Terminal and came up clean. Whenever Adobe alerts me of a Flash update I always go to the site to make sure there is a newer version out. However, I am still unsure of how to update Flash through Adobe's site and have been using their own update installer when I notice I am not running the current version because it always has that distinct look. I do want to learn how to update through Adobe's site though.
    - Roc P., 2 years ago
  • I do want to learn how to update through Adobe's site though.
    Find your Flash version (http://kb2.adobe.com/cps/155/tn_15507.html#main_LatestFlashPlayer) and make sure it's the latest version (http://www.adobe.com/software/flash/about/) available.
    - GGJstudios, 2 years ago
  • Has this update killed anyone's Black Macbook 4,1 other than mine? My display worked fine before install, but after install, my display gets about 98% dim. The screen will be bright, then go dim. The only way to restore the brightness is to put the computer to sleep and wake it up, or to use the F1 and F2 keys to dim it all the way first and then brighten. This is clearly a software issue and not a hardware issue. Based on how the dimming and restoration works, as well as the timing of the install, it has to be caused by this Java update.

    Anyone else?

    I've got the same Macbook, running 10.6.8. The update ran fine with no side effects. I've tested it both on battery and powered.

    Have you checked the Energy Saver System Preferences, to see if they have changed recently? This sounds like screen dimming just prior to putting the machine to sleep and there are specific settings for that.
    - Kahunawave, 2 years ago
  • Find your Flash version (http://kb2.adobe.com/cps/155/tn_15507.html#main_LatestFlashPlayer) and make sure it's the latest version (http://www.adobe.com/software/flash/about/) available.

    Ah ok cool. Thanks!
    - Roc P., 2 years ago
  • Finally a solution to this Flashback. Although I don't have it, I'm glad my Mac Community is protected from these Things!

    Unfortunately, Apple's patches are only protecting 80% of their Customer base.


    It's quite common for developers to stop supporting older OS versions. While the time frame or number of "generations" may vary, they all do the same thing.

    Microsoft Support Lifecycle (http://support.microsoft.com/lifecycle/?ln=en-gb&c2=1173)

    And in Apple's case, that window is now very small. But official support is one thing, and just a little helpful suggestion is something else that would not seem unwarranted in a case like this.

    YMMV, but I would not say that 20% represents a "very small" percentage.

    As per Hitslink stats, 20% of Mac users are running Leopard or older versions of OS X.

    Apple hasn't issued any Java security patch for Leopard (or older), so this leaves 20% of the current Mac user base as vulnerable.

    Do note that Snow Leopard only superseded Leopard on 28 August 2009 ... that's only 2 years & 7.5 months ago, so it's not particularly credible to claim that Leopard is so ancient that it shouldn't be supported.

    ...especially for security patches.

    -hh
    - -hh, 2 years ago
  • It is ? News to me. What UNIX are you talking about exactly ?

    OpenBSD, FreeBSD, NetBSD, most of the Linux's, and lest we not forget our own Darwin. Other Unix's are not open source and as a rule Unix is proprietary.
    - derbothaus, 2 years ago
  • OpenBSD, FreeBSD, NetBSD, most of the Linux's, and lest we not forget our own Darwin. Other Unix's are not open source and as a rule Unix is proprietary.

    I know, that was kinda my point... :rolleyes:

    And "most of the Linux's" doesn't qualify. There isn't 1 distribution of Linux that has a certification with the Open Group for the use of the UNIX trademark, nor is any of the AT&T (Bell Labs) copyrighted code base found in Linux.

    The plain fact is, UNIX is many things. Saying things like "UNIX is open source" is just showing ignorance about UNIX, what it is and how it relates to the different systems that use its IP.
    - KnightWRX, 2 years ago
  • Thanks for your reply. I did check all the energy savings settings, and all screen dimming is turned off. The screen going black (not fully black, but like 95%) is very intermittent. It'll just go. I can bring it back for 1 minute, 5 minutes, or an hour, but it eventually goes black again. I have no idea what is causing it, but I'm forced to assume it's software because it happened within minutes of the java update.

    I've got the same Macbook, running 10.6.8. The update ran fine with no side effects. I've tested it both on battery and powered.

    Have you checked the Energy Saver System Preferences, to see if they have changed recently? This sounds like screen dimming just prior to putting the machine to sleep and there are specific settings for that.
    - hodgjy, 2 years ago
  • Hi all,
    I thought I wasn't infected. When I first read the article related to this malware a couple of days ago, I use the command screen and nothing came up. I have the symantec running on my mac for the last year and doing regular scans.
    But today I received an email from the administrators that my system had been compromised (I use a school network). Anyway long story short, I did the software update and it says the malware has been found and removed. However, after I did the update, I still received new cases related to system compromise. The guys at the help desk said I'm good since I have done the software update but to be honest, I don't feel safe now. I installed the little snitch application and I realized it's not actually something I can manage, I mean I'm not exactly sure about what to look for.
    Any idea about how I should proceed?
    - stdwest, 2 years ago
  • I'm pretty distraught over this. I don't engage in any risky computer behaviors, I am extremely computer savvy, and as many people have mentioned here, I checked to see if I had this malware via Terminal a few days ago and did not. I have no idea how I got it, but sure enough, Software Update told me it found and removed it.

    Apple had better put all of its focus into keeping Mac OS X secure, but this is ridiculous.
    - kerplunknet, 2 years ago
  • The plain fact is, UNIX is many things. Saying things like "UNIX is open source" is just showing ignorance about UNIX, what it is and how it relates to the different systems that use its IP.

    You are not wrong. Was only pointing out that it would be an OK wrong for a Mac user to think this as Darwin is open source. Most people don't know much about UNIX. Some people think it is a programming language, some think it is an app. It's OK, no-one cared when it was king and now the predominant versions for consumers have a GUI that hides it all.
    - derbothaus, 2 years ago
  • So I've been waiting for something to appear for me in software update and still nothing for java. Does this mean I don't have it installed? In utilities I see java preferences - not sure what that means. Where would I look to know if it's installed?

    thanks!!
    - BIS2, 2 years ago
  • You are not wrong. Was only pointing out that it would be an OK wrong for a Mac user to think this as Darwin is open source. Most people don't know much about UNIX. Some people think it is a programming language, some think it is an app. It's OK, no-one cared when it was king and now the predominant versions for consumers have a GUI that hides it all.

    It was wrong for me to think it is open-source though..! I'm taking a class on it lol, I don't know how I managed that slip-up.

    edit: It is ? News to me. What UNIX are you talking about exactly ?


    Thanks for the fix, KnightWRX :)
    - coder12, 2 years ago
  • It's not irrelevant. If it's removed, it's no longer part of the botnet. There is no way for any "update" to reinstall the malware once it's removed.

    Of course not, but the malware could be updated before the apple update is installed. I don't know about you, but I find out about software updates on macrumors before software update pops up and says "um, yea, a week ago apple released something. looks important."
    - mentaluproar, 2 years ago
  • So now that automatic execution of Java applets has been disabled in this update would it also be recommended to disable Java in Safari as well or should one consider themselves no longer vulnerable at this point?
    - Graig, 2 years ago
  • You are not wrong. Was only pointing out that it would be an OK wrong for a Mac user to think this as Darwin is open source. Most people don't know much about UNIX. Some people think it is a programming language, some think it is an app. It's OK, no-one cared when it was king and now the predominant versions for consumers have a GUI that hides it all.

    And I was responding to someone that claimed "UNIX is open source". So let's not go off on any tangents. If you don't know about something, best to shut your mouth is what I say. The guy I was responding to originally simply shouldn't have made the comment.
    - KnightWRX, 2 years ago
  • And I was responding to someone that claimed "UNIX is open source". So let's not go off on any tangents. If you don't know about something, best to shut your mouth is what I say. The guy I was responding to originally simply shouldn't have made the comment.

    A minor infraction. Congrats on the arrogance.
    - derbothaus, 2 years ago
  • I thought that apple didn't get virus?

    It's not a virus. Educate thyself.
    - LelandHendrix, 2 years ago
  • I tried to pay my bills today with my bank (Finnish Sampo Pankki) that uses Java and I wasn't able to do that. Then I checked Applications, Utilities, Java Preferences.app and noticed setting "Enable applet plug-in and Web Start applications" was disabled. If I wasn't reading the news about the update, I might have switched back to Windows to pay my bills!
    - tomihasa, 2 years ago
  • I tried to pay my bills today with my bank (Finnish Sampo Pankki) that uses Java and I wasn't able to do that. Then I checked Applications, Utilities, Java Preferences.app and noticed setting "Enable applet plug-in and Web Start applications" was disabled. If I wasn't reading the news about the update, I might have switched back to Windows to pay my bills!
    You don't need to disable Java in Java Preferences. The only thing you need to do is disable Java in your browser preferences. Then, when you reach a trusted site that requires it, re-enable it in your browser for the duration of your visit to that site. You never have to open Java Preferences.
    - GGJstudios, 2 years ago
  • You don't need to disable Java in Java Preferences. The only thing you need to do is disable Java in your browser preferences. Then, when you reach a trusted site that requires it, re-enable it in your browser for the duration of your visit to that site. You never have to open Java Preferences.

    This is my point! It's the update that changed the setting, not me! Check the description of the update.
    - tomihasa, 2 years ago
  • This is my point! It's the update that changed the setting, not me! Check the description of the update.
    Thanks! I missed that! One more reason why I'm glad I'm not on Lion!
    - GGJstudios, 2 years ago
