Java 7 zero day security issues & Mac OS X new malware virus -NetWeirdRC

Senior Advisor

Java 7 zero day security issues & Mac OS X new malware virus -NetWeirdRC

Here are details.

 

Please disable your Java 7 in your browser. Or uninstall it to prevent this issues.

 

All Java issues will be cross platform.(Don't ever say that you are running on Mac you are safe of this issues. It's not true!)

 

So you not alone.

 

It can happen to all OS that run Java. (Windows, Linux & Macs, and other OSes)

 

Apple did not issues any security fix or software patches for this problem.

 

It will take a longer time for Apple to response this security issues.

 

If you are using Windows and Linux,both Windows and Linux  release updates will be fast!

 

Unlike Mac OS X.(Frankly Apple Software  Updates to patch security will be very slow)

 

If you have not install Java, you will be safe!

 

Be sure you updates your Adobe Flash. They just release a new version a few days ago.

 

 

http://www.computerworld.com/s/article/9230656/Macs_at_risk_from_super_dangerous_Java_zero_day?taxon...

 

and New Mac Malware NetWeiredRC

 

http://www.intego.com/mac-security-blog/an-analysis-of-the-cross-platform-backdoor-netweirdrc/

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
F-Secure Product Expert

Re: Java 7 zero day security issues & Mac OS X new malware virus -NetWeirdRC

Hi,

 

Our Labs have written a short entry about this:

F-Secure Weblog

 

Thanks.


Best Regards,
Jayson

 

"A person who never made a mistake never tried anything new" -Albert Einstein

Has somebody helped you? Say thanks by giving kudos. Has your issue been solved? Mark the post using "Accept As Solution" button to let others know.

View solution in original post

4 REPLIES 4
F-Secure Product Expert

Re: Java 7 zero day security issues & Mac OS X new malware virus -NetWeirdRC

Hi,

 

Our Labs have written a short entry about this:

F-Secure Weblog

 

Thanks.


Best Regards,
Jayson

 

"A person who never made a mistake never tried anything new" -Albert Einstein

Has somebody helped you? Say thanks by giving kudos. Has your issue been solved? Mark the post using "Accept As Solution" button to let others know.

View solution in original post

Senior Advisor

Re: Java 7 zero day security issues & Mac OS X new malware virus -NetWeirdRC

Thanks Jayson!

 

 

 

 

Hi  All,

 

For your info, the latest update of Java 7 is still vulnerable.

 

Please read the article below:-

 

http://news.cnet.com/8301-1009_3-57504640-83/new-vulnerabilities-found-in-latest-java-update/

 

Oracle Java is screw up!

 

 

Senior Advisor

Re: Java 7 zero day security issues & Mac OS X new malware virus -NetWeirdRC

New vulnerabilities found in latest Java update

Following its latest updates, more vulnerabilities have been uncovered in Oracle's Java 7 runtime.

 

August 31, 2012 3:50 PM PDT

Only hours after Oracle released its latest Java 7 update to address active exploits, security researchers found yet another vulnerability that can be exploited to run arbitrary code on systems that have the runtime installed.

Oracle's latest release of its Java 7 runtime has come under scrutiny in the past few weeks after it was found being actively exploited in malware attacks that target Windows systems. While so far the vulnerability has only been found being used against Windows, other platforms such as the Mac OS could potentially be targeted through the same exploit.

 

In response to these findings, Oracle broke its quarterly update schedule for Java and released update 7 for the runtime; however, even after this update, yet more vulnerabilities have been found. According to MacWorld, the Polish security firm Security Explorations is claiming to have discovered two new vulnerabilities in Java 7, which so far are proof-of-concept exploits that can be used to break the Java 7 sandbox and execute code. However, as with any vulnerability this opens new avenues for malware attacks.

Security Explorations is keeping the details about these latest vulnerabilities secret until Oracle addresses the problem, and has only stated that when exploited they allow rogue Java applets to break the Java sandbox and execute arbitrary code on the system.

Being only proof-of-concept attacks means that for now they should not pose much of a threat to Java users, and Oracle should address them in future updates. However, Oracle has recently met some criticism for its lackadaisical approach to addressing some known exploits. According to PCWorld, Oracle has known about these and other exploits since April of this year, and has not taken steps to close them.

These latest developments serve as a warning against using Java when not needed and also prematurely updating Java. Java 7 is still very early in its development, being only the seventh release so far, whereas prior runtimes have received over 30 updates to patch and manage vulnerabilities. As a result, if you need Java then you might consider installing a prior runtime version that has been well-tested, but if you do not need Java then you might consider avoiding installing it or removing it from your system if it is already installed.

Java 7 is an optional third-party installation for its supported operating systems, so only those who have installed it should be cautious of these vulnerabilities.

 

Pointers:-

 

If you use Java, disable Java from your Web Browser.

 

(Use Noscript. My best option is to disable Java. And better still don't install Java at all. Unless you really really need to use it.)


If you don't use it Uninstall Java!

 

 

Highlighted
Scholar

Re: Java 7 zero day security issues & Mac OS X new malware virus -NetWeirdRC

Unless Java will update again, this might be fixed and they should add more security.