Apparently Apple has just rolled out a new Java security patch which addresses the Mac Flashback Trojan’s Java exploit, because I has just updated my MacBook Pro with this patch through Software Update. This is one quick patch that Apple has rolled out, and Mac users definitely are going to be safer than before in regarding to using Java on Mac OS X. Still, you never know that sometimes in the near future another trojan might be able to find another exploit through Java, therefore the security philosophy that I have came to practice religiously is to deactivate what you don’t need — only activate the things you need and activate the things you don’t need at the time of having such needs. Cnet has a nice article (How to check for and disable Java in OS X) which explains to you how to deactivate Java in Mac OS X. One of the tips from this article stands out is how it mentioned of Java Preferences utility. Through Java Preferences utility, you can basically disable Java from running on your Mac system. So, even with the new patch is ready for you to download and update so Mac Flashback Trojan won’t be able to invade your Mac system, I still think you need to deactivate Java from Java Preferences utility. Only reactivate Java from Java Preferences utility when you really have to use Java (i.e., an application that must have Java runtime environment activated in order for the application itself to be functioning)! Check the screenshots below to see how you can find Java Preferences utility! The screenshots below will also show you how to disable Java through Java Preferences utility!
Related articles
- Unpatched Java vulnerability exploited to infect Macs with Flashback malware (infoworld.com)
- Latest Mac Flashback Trojan Threatens Mac Users With Java Enabled (essayboard.com)
- Mac Flashback Trojan Ups Threat to OS X Machines via Unpatched Java Vulnerabilities (devicemag.com)
- Unpatched Java Leaves Macs Open to Flashback Malware (blogs.wsj.com)
- Mac Java hole exploited by wild Flashback Trojan strain (go.theregister.com)
- Mac Flashback trojan exploits unpatched Java vulnerability, no password needed (arstechnica.com)
- Flashback malware evolves to exploit unpatched Java vulnerabilities (reviews.cnet.com)
- New Flashback Trojan Variant Doesn’t Need A Password to Infect Your Mac [Trojans] (gizmodo.com)
- New Trojan variant can install without password (macworld.com)
- New Trojan variant can install without password (techworld.com.au)
- New drive-by download threatens Mac users (msnbc.msn.com)
- New Trojan variant can install without password (infoworld.com)
Filed under: Apple, Security Tagged: Apple, Cnet, JAVA, Mac, Mac Flashback Trojan, Mac OS, Mac OS X, MacBook Pro, Patch (computing), security