Mac Flashback Abusing Unpatched Java for OS X
Cybercriminals have come up with password-stealing malware that exploits Java vulnerabilities that Apple has been slow to fix, despite being aware of the security flaw since February 2012, CNR reported on April 2, 2012.
The malware was reportedly first found in September 2011, when it was being circulated as a forged Flash Player installer (hence the name "Flashback").
The exploits employed by the latest variants of the Flashback malware have been fairly old, but recently another variant surfaced that takes full advantage of the Java vulnerability (CVE-2012-0507), which remains unpatched in OS X.
After being dropped and executed through the CVE-2012-0507 exploit, the new Trojan horse displays a dialog window that asks the user for their administrative password.
Regardless of whether the user enters the password, the malware still infects the system, F-Secure explained. The purpose of the Trojan is to inject itself into the Safari process and modify the content of various web pages.
Although new Mac systems are not harmed by this malware in their common configurations, the development highlights a problem with how such threats are dealt with in cross-platform runtimes like Java. When these kinds of vulnerabilities are discovered, they are often distributed among malware authors through Blackhole kits that provide tools and code, making malware dissemination easy for criminals.
There are rumors that a new exploit for different unpatched Java exposures is presently being sold on the underground market and could be used to target Mac users in a similar way in the coming years, as stated by the F-Secure researcher, according to news published by PCWorld on April 2, 2012.
This shows how the criminals behind the scenes operate in disseminating the Flashback malware, which increases the risk for Java users.
It is also reported that cybercriminals have been tireless in preparing to take advantage of the vulnerabilities listed in Oracle's latest patch release. That's because people are notoriously slow to update the Java platform on their computers. A security vendor claims that 60-80% of computers are running an older version of Java.
» SPAMfighter News - 10-04-2012