New Java 7 Exploit Can Potentially Affect Macs

Mainstay Computing offers Windows and Mac service, repair and consulting.

We can also correct the newly discovered Java vulnerabilities that can be exploited.

[Update: see http://appleinsider.com/articles/12/10/16/software-update-removes-apple-provided-java-applet-plug-in]

Take a read:

…if you have Java 7 installed on your system then the only effective means of closing this vulnerability is to disable the Java plug-in or remove the Java runtime altogether.

Reprinted from: http://reviews.cnet.com/8301-13727_7-57501517-263/new-java-7-exploit-can-potentially-affect-macs/

 

While there are no known attempts to use a newly discovered vulnerability to target Mac users, the exploit has been successfully triggered in both Safari and Firefox on Macs running Mountain Lion.

A new vulnerability was found last week in the latest Java 7 runtime from Oracle. The vulnerability is currently being used by malware developers to exploit systems with the runtime installed.

Similar to the Flashback malware seen affecting Mac systems with unpatched versions of Java installed, this latest threat uses a drive-by attack in which simply visiting a malicious Web page will result in the Java applet running and compromising the system.

When the exploit loads, systems may see a blank Web page with no activity, but may also see a brief Java icon with “Loading” text before this icon and text vanishes.

Being a vulnerability in Java, the exploit has the potential to be cross-platform and, according to ComputerWorld, Mac systems with the Java 7 runtime are vulnerable. While there are no known attempts to use this vulnerability to specifically target Mac users, the exploit has been successfully triggered in both Safari and Firefox on Macs running Mountain Lion. Furthermore, the means to exploit this malware have been found distributed in underground malware development kits, making it easier for the exploit to be developed into malware by those wishing to target Mac users.

Luckily, because this is not an Apple-supplied product and the current exploit is only in the latest Java 7 runtime, relatively few people will be at risk so far from this threat. You will have to both install Oracle’s Java 7 package and run across a Mac-specific exploit for this vulnerability, which to date has yet to be discovered.

Nevertheless, the vulnerability being open means the potential is there for hackers to take advantage of it, as was seen with the evolution of the Flashback malware.

When notable exploits began appearing for past versions of Java that Apple supported, the company took very basic but effective measures at tackling the issues, with the predominant one being to automatically disable the Java browser plug-in for systems that do not regularly use it. Unfortunately, Oracle’s Java runtime does not support these security measures, so as long as it is installed it will remain active by default.

Unfortunately, even with this vulnerability being exploited, Oracle updates Java on a quarterly basis, so unless the company breaks this schedule (a rarity) to address this issue, users have to wait until October to receive a patch. Some third parties have developed their own patches for the runtime, but are only issuing them to specific organizations that have special needs for them.

As a result, if you have Java 7 installed on your system then the only effective means of closing this vulnerability is to disable the Java plug-in or remove the Java runtime altogether. To do this, you can uncheck the “Enable Java” option in the Security section of Safari’s preferences, or in Firefox go to the Add-ons option in the Tools menu and click the Disable button next to the Java plug-in listed there. If you choose to disable the plug-in only, then you will have to do so independently for all browsers you run. Therefore, another option is to uninstall the Java runtime by going to the /Macintosh HD/Library/Java/JavaVirtualMachines/ folder and removing the file called “1.7.0.jdk.”
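To see whether a Mac has a Java 7 runtime in the folder named above before deciding what to disable or remove, a read-only check like the following can be used. This is an added example, not part of the reprinted article; it assumes each bundle may carry a `Contents/Home/release` file with a `JAVA_VERSION` line and that bundles other than “1.7.0.jdk” may be named in the `jdk1.7.0_NN.jdk` style.

```shell
#!/bin/sh
# Added example: report Java 7 runtime bundles in the folder the article names.
# Read-only: it lists bundles and removes nothing.

JVM_DIR_DEFAULT="/Library/Java/JavaVirtualMachines"

# Print the Java version of one bundle. Prefer JAVA_VERSION from the bundle's
# Contents/Home/release file (assumed layout); otherwise fall back to the
# bundle name with the ".jdk" suffix and any "jdk" prefix stripped.
bundle_version() {
    bundle=$1
    release="$bundle/Contents/Home/release"
    if [ -r "$release" ]; then
        ver=$(sed -n 's/^JAVA_VERSION="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$release" | head -n 1)
        if [ -n "$ver" ]; then
            printf '%s\n' "$ver"
            return 0
        fi
    fi
    name=$(basename "$bundle" .jdk)
    printf '%s\n' "${name#jdk}"
}

# Print one "path<TAB>version" line for every bundle whose version is 1.7.x.
# Returns 0 if at least one Java 7 bundle was found, 1 otherwise.
list_java7_bundles() {
    dir=${1:-$JVM_DIR_DEFAULT}
    found=1
    for bundle in "$dir"/*.jdk; do
        [ -d "$bundle" ] || continue      # also skips an unmatched glob
        ver=$(bundle_version "$bundle")
        case $ver in
            1.7|1.7.*)
                printf '%s\t%s\n' "$bundle" "$ver"
                found=0
                ;;
        esac
    done
    return $found
}

# Usage: check the default folder, or a folder given as the first argument.
list_java7_bundles "$@" || echo "No Java 7 runtime bundles found."
```

Any bundle this lists is one the plug-in would load, so it is a candidate for the removal step described above.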

My Blue Heaven: Meconopsis.ca

Bill Terry has a new website to reflect his passion for Meconopsis (the Blue Poppy) and to help him market his books “Blue Heaven: Encounters with the Blue Poppy” and “Beyond Beauty: Hunting the Wild Blue Poppy”.

His website: http://meconopsis.ca.

While a fairly modest re-design, this brings Bill onto the powerful WordPress platform which brings significant improvements to his ability to:

  • edit the website himself
  • track visitors
  • add photos to the gallery by himself
  • allow search engines to find him

2012 International Naturally Autistic People Awards

Naturally Autistic – ANCA have an upcoming Awards Ceremony.

Congratulations Charlie and Leonora on this amazing milestone!

I invite you to our upcoming awards Ceremony, where we celebrate outstanding people who accomplish outstanding things.

If you would like to help sponsor an award, or would like to know more about us, please visit our website to learn more.

 

Leonora Gregory-Collura

www.naturallyautistic.com

anca@naturallyautistic.com

Beachcomber B&B

Beachcomber B&B, run by Don and Angie Baylis on the Sunshine Coast of BC, is pleased to announce the release of their new website: http://beachcomberbb.com.

Following some rather dramatic ups and downs with their existing site, they soon realized that their site must be compatible with modern, mobile devices.

A successful redesign was completed and they now have a new brand, a new website that is SEO friendly, is responsive to mobile devices, and is clean and attractive.
