According to Apple, a “small number” of its employees’ computers were compromised due to a vulnerability in Java.
How Did It Happen?
It appears that this zero-day exploit is the same one that resulted in a number of Facebook employees having malware installed on their laptops as a result of visiting a mobile developer website that had been compromised: Apple says their employees were infected “through a website for software developers.”
Apple released a small Java update for OS X users this Wednesday. The update effectively removed the Java applet plug-in that typically comes pre-installed in all web browsers on the Mac. Why? Well, Apple has been trying to distance itself from Java for quite some time, mainly due to the fact that most malware spreads via Java vulnerabilities.
Take the recent Flashback trojan, for example. Millions of Macs were compromised because hackers were able to exploit a security vulnerability in Java on the browser. You could visit a bad site with a corrupt Java applet and get infected. After this week’s update, Java is no longer included in browsers like Safari.
If you’re a Mac user on the Internet, chances are you’ve come across a few websites where embedded content isn’t displayed correctly. Instead you get an icon or an error message saying Missing Plug-In, often with few additional details about exactly what is missing.
While there’s no single installer which will solve all missing plug-in problems, there are a few common things to start with. If those don’t work you can delve deeper into non-common formats or the forgotten codecs of yesteryear.
According to a recent study, iPhone and iPad app development has a bigger learning curve than any other mobile platform. It also costs developers more in terms of time and expenses to develop an iOS app than to create an Android, BlackBerry, or Windows Phone app.
Despite those challenges, iOS has boosted the popularity of Objective-C, the programming language used by Apple for both Mac and iOS development – making it the third most popular language with developers.
After a weekend deliberation, a federal jury in San Francisco handed Oracle a partial victory by finding Google guilty of copyright infringement yet remaining deadlocked on whether Google’s use of the Java APIs fell under “fair use.” The jury found that Google infringed a minimal amount of Java source code, with Judge William Alsup indicating that Oracle would only be entitled to statutory damages as a result. This certainly wasn’t what Oracle was hoping for, and when Oracle’s lawyer seemed to suggest they were entitled to more than just statutory damages, Judge William Alsup quickly put the kibosh on that notion based on the minimal amount of code infringed, describing what they’re seeking as “bordering on the ridiculous.”
Flashback is the name of a virus that was able to infect a Mac and link it up to a botnet of around 600,000 other Macs. If you’ve updated your Mac with the latest Java patch, you should be fine, but Apple has provided this new tool for good measure to Mac users running Lion without Java already installed.
Apple has just released an update to Java for OS X that effectively removes any traces of the notorious Flashback trojan from an infected system. The update can be downloaded now in Software Update on all Macs running Snow Leopard through Mountain Lion.
Apple has said that it’s working on a tool to end the notorious Flashback botnet once and for all, but there’s still the remotest chance you could get infected. Keep in mind that only around 600,000 Macs have fallen prey to Flashback, and that number is a tiny fraction of the millions of Mac users around the world. Most of the machines that have been infected already are centralized in North America.
Your Mac is completely up to date and you’ve already checked to see if you’re infected by the Flashback trojan. If everything is squared away and you’re not infected already, here’s how to ensure there is zero chance you’ll get infected while you wait for Apple to save the day.