Apple pumps out yet another Java update

Filed Under: Apple, Featured, Malware

Apple has delivered - or so it says - on its promise to provide a Flashback malware removal tool.

The new update is packaged in two flavours:

* Java for Mac OS X 10.6 Update 8, documented in HT5243.

* Java for OS X Lion 2012-003, documented in HT5242.

Both updates claim that "this Java security update removes the most common variants of the Flashback malware. "

The one for Lion goes a little further:

This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.

The updates also include the latest Java version all over again, 1.6.0_31.

So if you missed the previous update, jumping to this one will effectively patch against Exp/20120507-A and fix problems with the Flashback malware (e.g. OSX/Flshplyr-D) in one go.

If you're using Snow Leopard, disabling Java in your browser won't happen automatically. It looks as though the Java applet autodisabler is Lion-only.

I'd love to tell you more about the Flashback remover supplied by Apple, but I'm afraid I don't know how.

There's no documentation about it; there's no information about how to run it by hand in the future, or how it works, or what variants of the malware it finds; and - at least on my uninfected 10.6 computer - it didn't give any visual indication that it had run at all. (Three words for Apple about security bulletins: promptness, clarity and openness.)

(Update. HT5247 has a bit more story about the removal tool. It's documented to say nothing if it finds nothing. Thanks to François for pointing this out.)

Also, of course, it won't protect you against reinfection, and it won't protect you against any other Mac malware.

So there you have it. Apple's Java distribution and the Flashback malware addressed in one go. Unless you have OS X Leopard (10.5) or earlier. If you do, you're still out of luck - no patches for you.


PS. See how I resisted the urge to mention the free Sophos Anti-Virus for Mac Home Edition, complete with detection, prevention and remediation of Flashback and heaps of other malware, at any point in the above article :-)

You might like

13 Responses to Apple pumps out yet another Java update

  1. IT Director · 1278 days ago

    Apple doesn't support older Macs (of which there are still a ton of in use) and they wonder why so many people (esp in IT) loathe them.

    • Nigel · 1278 days ago, really? I mean, do they REALLY wonder? That would imply that Apple actually cares why " many people (esp in IT) loathe them." Not to put too cynical a face on it, but it seems to me that Apple makes a very determined effort to give the impression that it does NOT care what people think. At least, that's the impression I get regarding the image the company portrays.

      Fortunately, Apple comprises a great many individual humanoids, many of whom (in my experience) demonstrate a much more caring and much less "keep-them-at-arm's-length" approach to their customers than the company's chilly front implies. In fact, some of the very best customer support I've ever received has come from certain individuals at Apple.

      But the company as a whole definitely seems to be losing its way. The steady decline in user accessibility to key parts of the system architecture, the shameful deterioration of built-in search functions, and the forced obsolescence of perfectly viable hardware are just a few examples. As a long-time Mac user, I wish it weren't so. But it is.

  2. Linda Abelson · 1278 days ago

    I just happened to attend a One To One session at my local Apple Store tonight on an unrelated topic, but brought up this issue and was met with stares of disbelief and silence. As a five month old neophyte in Mac world, I am dismayed, not only that yours (and a blip in David Pogue's column today in the NY Times) is among the few outlets for information on this subject, but that the highly trained staff at the Apple Store, for whose advice I paid an annual fee, either have no clue what's happening or are operating in a mandated cone of silence. Thank you for shining a light on this issue, but I am feeling kind of queasy.

    • they are in the vacuum of silence!

    • AppleGater · 1278 days ago

      Yeah..interesting! I still can't figure out why they call them "genius" :-) Especially on the pay they make!

    • Uwe · 1246 days ago

      Did they revoke your AppleID? ;-)
      It scares me how reluctant. Apple releases security patches. Also, their patches are often disguised as a benefit but they are not.

  3. Ted · 1278 days ago

    The so called Mac geniuses are some of the MOST stupid people you will meet on internet security. I have to make a special effort on Mac family members and friends to totally discount their opinion on security if they bring their computers in for warranty or other work. Even now, they will still be what I call "holocaust/Mac malware deniers". It is the same as trying to convert a christian or muslim from their faith, it is not happening.

    The Mac community will have to have 5-8 good hard malware hits like this latest Flashback drive-by for the "holocaust/Mac malware deniers" to finally see that their "precious" OS X can get pwnd just like a Windows machine.

  4. David B · 1278 days ago

    You've said "Apple has delivered - or so it says - on its promise to provide a Flashback malware removal tool."

    I have just installed the new update delivered through System Update, just as 'promised'!

    Here is confirmation!

    I must also agree with Linda A. - the staff in MY local Apple store ridicule my suggestions of the possibility of getting malware on my iMac!

  5. Daylily · 1278 days ago

    Last month I asked about security software at an Apple workshop and was told that none was needed. At another workshop I asked about backing up before upgrading iPhoto and again was told that wasn't necessary because the only people who had a problem were running Windows. And yet another workshop leader said that upgrading to ios5 was foolproof. So I would not trust any store employee to be well-informed.

  6. lois simmons · 1278 days ago

    for sure us with the 2006 Mac are very disappointed that apple has left us in the lurch. I checked with my nearest store and for a good workinh mac of my vintage 2005 they offer a whole 35.00 I believe theysaid for a trade is--now isn't that special! they have no qualms about leaving us who spent about 2000 dollars for this thing in thelurch andoutdated and with a jerky non performing for the new software and no updates available for us damn them anyway the stinkers!
    lois simmons

  7. lois simmons · 1278 days ago

    no doubt my criticism won't appear after their observence of my dissatisfaction with lack of support for my IMac.

  8. VJ Eyeborg · 1278 days ago

    I'm confused.. I use Snow Leopard, and I have now disabled the java web plug-in in Chrome after installing this update. Was that the right thing to do? Most sites I go to need java to run properly, my own word press site for instance was just a blank page after I switched java off, so...??

    • spidersilk · 1276 days ago

      It sounds like you're thinking of Javascript, which is not the same thing. Javascript is indeed very widely used - actual Java applets aren't.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog