
New Java malware, and free Anti Virus software suites

Euan Williams
Oh dear oh dear. Yet another Java villain has arrived, this time it uses Python scripts:

http://nakedsecurity.sophos.com/2012/04/27/python-malware-mac/

If you have used your browser preferences to "stop" Java -- NB "JavaScript" is something quite different and is fine to use -- and have installed all the latest Apple updates there should be no problem. But note that Apple have NOT issued updates to close off these attacks in OSX versions earlier than 10.6 Snow Leopard.

The Sophos page offers a simple, quick check to see if you have been compromised, and also free anti-virus software from Sophos for home users:

http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx

ClamXav is another free (open source) antivirus protector if you prefer to use that:

http://www.clamxav.com/download.php

The two AV software suites have been reviewed widely (see Google).

(re-posted from the F-Secure topic).

Re: New Java malware, and free Anti Virus software suites

Mark Ford
Did you instal this stuff Euan?
'Mac Home Edition'? whatever is that?
Which download, exactly, provides a 'swift, simple check..'?
It all looks so dodgy!

Re: New Java malware, and free Anti Virus software suites

Euan Williams
Tuesday 28th August 2012
Java's in trouble (again); this time it affects even the 1.7 Java runtime environment from Oracle:

> http://www.macworld.co.uk/mac/news/?newsid=3378068&olo=email <

Pending a patch from Oracle (that's where Java patches come from these days) all Mac users should disable Java in their web browser. For Safari look in Safari > preferences > security > ENABLE JAVA -- and make sure the tick box is empty.

Firefox is vulnerable, and other browsers may be too.

JavaScript is something quite different, and is fine to use (keep the tick box ticked).

Older OSX versions are vulnerable too, so unless you are using a "pure" version of Lion or Mountain Lion (with which Apple ceased to install Java by default) you should act on the MacWorld warning asap.

Re: New Java malware, and free Anti Virus software suites

Eleanor Spenceley
This new vulnerability is _only_ in Oracle's new Java 7 (JRE 1.7), not earlier versions.

You have had to explicitly download the latest Java runtime (directly from Oracle) _and_ have Java turned on in your browser. If not, there's nothing to worry about.

If you want to know which version of Java you are running:

Open Terminal.
Type in:

java -version

Or go to

Applications->Utilities->Java Preferences.

Personally if you don't need Java (i.e. don't run any Java based Applications), I'd disable it on your Mac.

Re: New Java malware, and free Anti Virus software suites

Douglas Cheney
Is it possible to delete Java from a Mac?

Re: New Java malware, and free Anti Virus software suites

Thomas Maude
Thanks for all this info, guys, and the links to possible solutions .... I for one am very grateful for you highlighting these kinds of things that would have otherwise passed me by.

I've downloaded the Sophos free home edition package and it's scanning through my whole system now. It identified one possible troj connected to the Adobe Flash thing that I installed as an alerted upgrade recently .... so that has been 'cleaned up' as it described ..... not sure what cleaned up really means but anyway it has ...

Once again many thanks to Euan and Martin in particular and any others for providing this important stuff

Tom

Re: New Java malware, and free Anti Virus software suites

Eleanor Spenceley
> Is it possible to delete Java from a Mac?

It depends on the version of Mac OS X you have and version of Java. Can you be more specific?

Re: New Java malware, and free Anti Virus software suites

Douglas Cheney
Running 10.8.1 and the latest Java 1.7

Re: New Java malware, and free Anti Virus software suites

Eleanor Spenceley
A quick Google returns

http://reviews.cnet.com/8301-13727_7-57423014-263/how-to-install-and-uninstall-java-7-for-os-x/

Re: New Java malware, and free Anti Virus software suites

Douglas Cheney
Thanks for that Martin, I went to the folder as listed but found it empty. I don't understand it because I did install the latest Java when it came out.

Re: New Java malware, and free Anti Virus software suites

Euan Williams
Like Doug, I didn't find Java 7 in the folder, although v6 was there, despite having installed v7. I fear this is one of the many mysteries to which mortals do not have access (but, being curious, I do seek enlightenment).

Meanwhile Oracle have posted a patch which may be appreciated by Java users:
http://www.appleinsider.com/articles/12/08/30/oracle_issues_patch_for_latest_java_security_flaw.html

Re: New Java malware, and free Anti Virus software suites

Eleanor Spenceley
Try looking in both:

/Library/Java/JavaVirtualMachines/

and

/System/Library/Java/JavaVirtualMachines/

If it isn't there, then you must just have the Java runtime plugin for the web browser.

see http://www.java.com/en/download/help/mac_uninstall_java.xml
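
Added example, not part of any post in this thread: a shell sketch of the check described above, listing what sits in the two JavaVirtualMachines folders and reporting whether only the browser plug-in is present. The function names and the `root` parameter are hypothetical, the plug-in path is the one given in Oracle's uninstall instructions rather than in the thread, and matching on "1.6"/"1.7" in the bundle name is an assumption based on names like `1.6.0.jdk`.

```shell
#!/bin/sh
# Added example. "root" is a hypothetical parameter (default "/") so the
# functions can be pointed at a test directory tree instead of the live disk.

# Print one line per bundle found in the two folders: "<series><TAB><path>".
list_jvms() {
    root="${1:-/}"
    root="${root%/}"                      # "/" becomes "" so paths stay clean
    for dir in "$root/Library/Java/JavaVirtualMachines" \
               "$root/System/Library/Java/JavaVirtualMachines"; do
        [ -d "$dir" ] || continue
        for bundle in "$dir"/*; do
            [ -e "$bundle" ] || continue  # empty folder: the glob matched nothing
            name=$(basename "$bundle")
            case "$name" in               # assumption: version is in the bundle name
                *1.7*) series="Java 7" ;;
                *1.6*) series="Java 6" ;;
                *)     series="unknown" ;;
            esac
            printf '%s\t%s\n' "$series" "$bundle"
        done
    done
    return 0
}

# Summarise the result as one of four states.
java_status() {
    root="${1:-/}"
    root="${root%/}"
    found=$(list_jvms "$root")
    if printf '%s\n' "$found" | grep -q '^Java 7'; then
        echo "java7-installed"
    elif [ -e "$root/Library/Internet Plug-Ins/JavaAppletPlugin.plugin" ]; then
        echo "plugin-only"                # no Java 7 bundle, but the browser plug-in exists
    elif [ -n "$found" ]; then
        echo "older-java-only"
    else
        echo "none-found"
    fi
}

# Report for the real system (or for a directory given as the first argument).
list_jvms "${1:-/}"
java_status "${1:-/}"
```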

Re: New Java malware, and free Anti Virus software suites

Douglas Cheney
Looked in /System/Library/Java/JavaVirtualMachines and found 1.6.0.jdk. Is that what I should have found?

Re: New Java malware, and free Anti Virus software suites

Douglas Cheney
Just found this on OS X Daily: "Java SE 7u7 Update Resolves Recent Security Issue". Should I update?

Re: New Java malware, and free Anti Virus software suites

Euan Williams
Oops. Either the plot (or the soup) has thickened once more: Macworld has just reported as follows:

"Security researchers from Poland-based security firm Security Explorations claim to have discovered a vulnerability in the Java 7 security update released Thursday that can be exploited to escape the Java sandbox and execute arbitrary code on the underlying system."

Further details here:
MacWorld update 31 August

If it's not Hurricane Isaac or the GOP conference it's something else. I'm hibernating. (But before the hot chocolate, thanks Martin for chasing Java down its various burrows.)

Re: New Java malware, and free Anti Virus software suites

Euan Williams
And a little mint to go with the chocolate?

More info from The A Register.

Re: New Java malware, and free Anti Virus software suites

Mick Burrell
It's not crystal clear to me (like lots of things!) but can this vulnerability only be exploited through a browser with Java enabled? I ask because I suspect not many of us use applications written in Java so could remove it completely but I happen to use two so can't.

I've long had Java disabled in my browsers and indeed have not downloaded Oracle's version - still using Apple's last one so it's for future reference really. I assume that normal firewalls etc. would prevent any internet based attack while running one of these applications - is that correct?

Re: New Java malware, and free Anti Virus software suites

Eleanor Spenceley
> Can this vulnerability only be exploited through a browser with Java enabled? I

I believe so and only with Java JRE 1.7 (not 1.6).

> I suspect not many of us use applications written in Java so could remove it completely but I happen to use two so can't.

If you are running Lion, I'd leave 1.6 alone. This is because it's part of the install of Lion and there may be dependencies. Let Apple manage this.

> I assume that normal firewalls etc. would prevent any internet based attack while running one of these applications - is that correct?

I assume your applications are basic Java desktop applications (like Eclipse or ThinkFree Office) and not Java web based or 'JNLP' downloadable applications. If so, then these applications behave like just another desktop application and cannot be accessed externally via the internet/network with or without a firewall in place (simplistically, basic OS security will prevent such access).