Apple releases Java update; includes fix for vulnerability exploited by Flashback malware
Jump to navigation
Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
(Publication) Google search: [1]
| Apple releases Java update; includes fix for vulnerability exploited by Flashback malware | |
|---|---|
| Botnet | Flashback |
| Malware | Flashback (bot) |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 4 avril 2012 |
| Editor/Conference | Intego |
| Link | http://www.intego.com/mac-security-blog/apple-releases-java-update-includes-fix-for-vulnerability-exploited-by-flashback-malware/ (Archive copy) |
| Author | |
| Type | |
Abstract
“ Apple has released Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7, featuring a dozen security fixes, including one that has been used a recent variant of the Flashback malware, CVE-2012-0507. As the information about this update that Apple provides says,
Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. This is exactly what happens with the recent variant of the Flashback malware that we discussed yesterday.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR982,
editor = {Intego},
author = {},
title = {Apple releases Java update; includes fix for vulnerability exploited by Flashback malware},
date = {Error: Invalid time.},
month = Error: Invalid time.,
year = {2012},
howpublished = {\url{http://www.intego.com/mac-security-blog/apple-releases-java-update-includes-fix-for-vulnerability-exploited-by-flashback-malware/}},
}