from sectechno.com
New malicious software has been reported by F-secure that are running on Mac OSX a virus free operating system, the discovered malware is a Trojan horse that are exploiting vulnerability in oracle java component CVE-2012-0507.
Flashback code observed by F-secure (click to enlarge)
This critical vulnerability have been patched by oracle on February 15th but Apple have not yet released the required patch, this made most Mac OSX users open to this kind of malware and especially that a Blackhole exploit kit version is exploiting this vulnerability.
On the other hand if you are looking for a PoC than exploit already developed for the metasploit framework and you can check a video demonstration for the attack, but if you are using Apple system and while there still no patch available I think that it is time to consider the workaround by disabling java on your Apple operating system.
Looks like this has been patched
ReplyDeletehttp://news.techworld.com/security/3349116/apple-updates-java-for-mac/
Maybe Apple could have acted faster, but where are the reports of this malware actually causing problems in the Mac community?
The fact remains that ALL systems are subject to trojans, and there are MANY more targeting Windows. While user diligence can prevent Trojan attacks, the average Windows user will suffer harm from malware more than the average Mac user. The Mac is effectively safer despite all the FUD.