Did the Java 1.6.0_31 update fix the Flashback trojan problem?
Is the recent Java update of OSX (Java for OS X Lion 2012-002) to 1.6.0_31
also a bug fix for the Flashback malware?
The update is described here as:
Multiple vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_31. Further information is available via the Java website at http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html
It fixes the vulnerability that Flashback used to install itself; this Gizmodo article gives some more info to check:
1. Run the following command in Terminal:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
2. Take note of the value, DYLD_INSERT_LIBRARIES
3. Proceed to step 8 if you got the following error message:
"The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist"
If you don't get that error message, well, time to head to F-Secure for your fix. If you're clean so far, you can move on to step eight:
8. Run the following command in Terminal:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following:
"The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist"
If you don't have any anti-virus protection enabled, you might want to check out the excellent (and free) Sophos Home Edition
The recent Java update from Apple fixed the current malware vulnerability. If you want even more peace of mind for future malware protection you can disable Java on your mac. You can always easily re-enable it if your program requires Java. Here are the steps to disable it on your system:
- In Safari, go to Preferences > Security > Web Content and uncheck Enable Java.
- Then go to /Applications/Utilities/Java Preferences and uncheck all the checkboxes under the General tab.