Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
Mac Newsforums, a part of the
12-04-2012, 03:42 AM #1
Newly Discovered Mac Trojan Exploits Same Java Vulnerability found in Flashback
New malware dubbed “Dockster” that takes advantage of a well-documented Java vulnerability has been found on a website dedicated to the Dalai Lama. The Trojan has been able to install itself on a Mac user’s computer to capture keystrokes and other sensitive data. At the time of its discovery (on November 30), the code’s creators were testing whether it would be detected, but as of this writing, the malicious code is now “in the wild.”
As mentioned in a previous report from F-Secure, Dockster leverages the same Java vulnerability to drop the backdoor onto a Mac, which then executes code to create an agent that feeds keylogs and other sensitive information to an off-site server. In the case of Flashback, which was discovered by Intego, a reported 600,000 Macs were affected before both Apple and Oracle ended up releasing a Java patch to remove the malware and protect against future attacks.
The new Dockster seems to take advantage of an already fixed weakness; users who haven’t yet updated their Macs or are running older software may still be at risk. We’ll have to see what Apple and Oracle end up doing to remedy the situation; in the meantime, we'd suggest practicing safe browsing.
Source: F-Secure, Intego
12-04-2012, 03:51 AM #2
FFS: If you let any old java app from the web run you deserve Trojans.
When it asks you if you if you want to run the java on the website just say no.
Also when apple give you a security update just install it.
12-04-2012, 08:54 AM #3
If you don't update your computer/software and get malware on your Mac you have no one to blame but yourself. It doesn't take long at all to do a software update and it could save you some grief.
12-04-2012, 03:00 PM #4
or... you know... you have an old version of an OS that apple and/or java isn't updating anymore, and can't update to a newer OS because of the requirements needed for the upgrade aren't there...
12-04-2012, 07:45 PM #5
Turn off Java in Safari or whatever browser you use then.
Haven't had mine on in a long time.