Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Updates Java To Include Flashback Removal

Posted by samzenpus on from the protect-ya-neck dept.

Fluffeh writes "In the third update to Java that Apple has released this week, the update now identifies and removes the most common variants of the Flashback malware that has infected over half a million Apple machines. 'This Java security update removes the most common variants of the Flashback malware,' Apple wrote in the support document for the update. 'This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.'"

4 of 121 comments (clear)

  1. Re:No way! by Kenja · · Score: 5, Informative

    Macs don't get viruses!

    Almost no computer gets viruses anymore. Trojans & malware on the other hand...

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  2. immature=no java by Anonymous Coward · · Score: 5, Interesting

    So to fix the problem, they say lets disable java by default. They are new to the security game.
    Lets say using adobe photoshop had a vulnerability, apple's defense is disable the running of photoshop when launching a ps file withotut prompting?

    It's like preventing your child walking without your permission every time and then when their grown up and able to make their own decisions and decide to walk, you say, oh you have not walked in a while, you can't walk again.

    1. Re:immature=no java by BasilBrush · · Score: 5, Informative

      What, you mean a new feature? Wikipedia is your friend, there's a long list of new features for every major OSX version.
      e.g.
      http://en.wikipedia.org/wiki/Osx_lion

    2. Re:immature=no java by cbhacking · · Score: 5, Informative

      As of 2010, Adobe Reader was kicking Preview's ass on security. No, that's not a joke. Nor is it fanboyism; I don't use either one. It's just a plain and simple fact. The probable reason? Adobe, like Microsoft, has had many years of being a high-profile target, and has put a lot of effort into finding and fixing security bugs. Apple, quite frankly, has not.

      http://net-security.org/secworld.php?id=9725
      Watch the second video, and jump ahead to 8:57 (almost the end) if you want a simple comparison.

      For the lazy, here's the basic facts: Preview had from the same set of 1400 PDFs downloaded from the web, run through a mutational fuzzer to produce 2.8 million test files. Preview had 7 times as many unique crashes as Adobe Reader, and at least 3 times (more realistically, probably 10 times; at worst, 20 times) as many exploitable bugs.

      When a guy like Charlie Miller (very well-respected security researcher) can find 7 security bugs in Apple's code for each one he finds in Adobe's (using the exact same test cases), Apple has a serious security problem.

      --
      There's no place I could be, since I've found Serenity...