Apple releases Java update; includes fix for vulnerability exploited by Flashback malware
Revision as of 13:08, 31 July 2015 by Eric.freyssinet (talk | contribs) (Text replacement - "/ www." to "/ |Site=www.")
(Publication) Google search: [1]
| Apple releases Java update; includes fix for vulnerability exploited by Flashback malware | |
|---|---|
| Botnet | Flashback |
| Malware | Flashback (bot) |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 4 avril 2012 |
| Editor/Conference | Intego |
| Link | http://www.intego.com/mac-security-blog/apple-releases-java-update-includes-fix-for-vulnerability-exploited-by-flashback-malware/ (Archive copy) |
| Author | |
| Type | |
Abstract
“ Apple has released Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7, featuring a dozen security fixes, including one that has been used a recent variant of the Flashback malware, CVE-2012-0507. As the information about this update that Apple provides says,
Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. This is exactly what happens with the recent variant of the Flashback malware that we discussed yesterday.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR982,
editor = {Intego},
author = {},
title = {Apple releases Java update; includes fix for vulnerability exploited by Flashback malware},
date = {Error: Invalid time.},
month = Error: Invalid time.,
year = {2012},
howpublished = {\url{http://www.intego.com/mac-security-blog/apple-releases-java-update-includes-fix-for-vulnerability-exploited-by-flashback-malware/}},
}