OSX/Flashback.K: How to protect yourself

Need another reason to turn off Java? Pretty much every list of things to do to make your Mac more secure includes the admonition to turn off Java, if not JavaScript too, in Safari and whatever other browsers you use.
A fresh version of the Flashback trojan is making the rounds and is notable for one simple reason — it can install itself without any help from the user.
Flashback.K, as the latest variant is called, is able to hijack Macs even when users don’t enter an administrative password. Instead, it does this by exploiting a critical Java vulnerability classified as CVE-2012-0507… Although Oracle released a fix for the security threat in February, a patch has yet to be released for OS X users. That’s because Apple distributes Java updates itself and the company has yet to make one for the specific flaw, or indicate when it plans to do so — Ars Technica.
If you have Java installed and it’s turned on, you are vulnerable.
Gird your digital loins
That said, I keep Java up-to-date and turned off in Safari and Firefox by default, simply because it’s so infrequently needed and is associated with many bad things™, such as Flashback.K and other web-based attacks.
Apple has now issued patches — Java for OS X Lion, Snow Leopard Updates address Flashback.K…
Although Apple’s current version of Java doesn’t protect against Flashback.K, installing the most recent (November) update will protect you against Java_Rhino — Java updates for Lion and Snow Leopard.
Again, however, Java in general is so insecure that it always seems there’s another unpatched exploit circulating in the wild — I keep Java updated and turned off until I need it. To turn off Java in Safari, go to:
Preferences > Security > uncheck Enable Java (image above)
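If you would rather check a machine from the command line than click through every browser, the following script is an added example (it is not from the original post and not an Apple tool). It reports whether Java is installed, parses the version string that `java -version` prints, compares it against a minimum you supply, and reads Safari’s own preference key for Java. It assumes the `com.apple.Safari` preference key `WebKitJavaEnabled` (the setting the Preferences > Security checkbox writes on Safari 5 for Lion and Snow Leopard); `MIN_JAVA_VERSION` is a placeholder, since this post does not list the version number of Apple’s fix, so set it to the version of the update you installed.

```shell
#!/bin/sh
# Added audit script: checks Java presence, version and Safari's Java switch on a Mac.
# Not from the original post. Assumes the Safari preference key WebKitJavaEnabled;
# MIN_JAVA_VERSION is a placeholder, not the real cut-off for any specific patch.
MIN_JAVA_VERSION="${MIN_JAVA_VERSION:-1.6.0_99}"   # placeholder: set to the patched version

# Extract the version string from `java -version` output, whose first line
# on Apple's Java reads:  java version "1.6.0_29"
parse_java_version() {
  printf '%s\n' "$1" | sed -n 's/^java version "\([^"]*\)".*/\1/p' | head -n 1
}

# Turn "1.6.0_29" into one comparable integer (1 006 000 029) so that
# versions can be compared numerically instead of as strings.
java_version_key() {
  printf '%s\n' "$1" | awk -F'[._]' '{ printf "%d%03d%03d%03d\n", $1, $2, $3, $4 }'
}

# Print "current" when installed version $1 is at or above minimum $2, else "outdated".
java_version_status() {
  inst=$(java_version_key "$1")
  min=$(java_version_key "$2")
  if [ "$inst" -ge "$min" ]; then echo current; else echo outdated; fi
}

# Map the raw value of `defaults read com.apple.Safari WebKitJavaEnabled`
# to a word. An empty value means the key was never written, i.e. the
# checkbox has never been changed from Safari's default.
safari_java_state() {
  case "$1" in
    1|true|YES|yes) echo enabled ;;
    0|false|NO|no)  echo disabled ;;
    "")             echo unset ;;
    *)              echo unknown ;;
  esac
}

# Run the checks and print a short report.
audit() {
  if command -v java >/dev/null 2>&1; then
    raw=$(java -version 2>&1)
    ver=$(parse_java_version "$raw")
    status=$(java_version_status "$ver" "$MIN_JAVA_VERSION")
    echo "Java installed: ${ver:-unknown version} ($status against minimum $MIN_JAVA_VERSION)"
  else
    echo "Java not installed: Java-based drive-bys such as Flashback.K cannot run"
  fi
  if command -v defaults >/dev/null 2>&1; then
    val=$(defaults read com.apple.Safari WebKitJavaEnabled 2>/dev/null || true)
    echo "Safari 'Enable Java' setting: $(safari_java_state "$val")"
  else
    echo "Safari setting: 'defaults' not available, run this on the Mac itself"
  fi
}

# Only produce the report when run directly on a Mac; the functions above
# can still be called on their own.
case "$(uname 2>/dev/null)" in
  Darwin) audit ;;
esac
```

Run it as `MIN_JAVA_VERSION=1.6.0_XX sh java-audit.sh` with the version from the Apple update you applied; "outdated" or "enabled" in the output means the Mac is still exposed the way the post describes.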
Further, JavaScript is very, very buggy and prone to security issues, as well. Nevertheless, JS is used everywhere and turning it off can cause performance and compatibility issues.
One way of having your JavaScript cake and eating it, too, is Drew Thaler’s JavaScript Blacklist (Safari extension) or a “noscript” extension.
What’s your take?
