The Washington Post

New hole in Java opens doors to more Mac malware

A new vulnerability in Java 7 may let hackers attack Apple computers, bringing back memories of the recent Flashback Trojan that may have been stealing up to $10,000 a day in ad revenue.

The hole is in Oracle’s latest Java 7 runtime, and exploits have already been seen using the vulnerability to attack Windows PCs. The malware enters a computer when the user visits a website. That’s it. The website may appear blank, but in the background, the malware is being downloaded to the computer. According to Cnet, some may see the word “loading” over the Java icon for a second.

Because the malware takes advantage of a hole in Java 7, malware writers could also use it to attack Mac systems that use Java.

“Exploit kits” that include the vulnerability are now being sold in black markets, meaning we could see some real malware taking advantage of the hole soon.

The vulnerability recalls the Flashback trojan, which some say affected hundreds of thousands of Mac computers earlier this year and gamed Google to steal advertising revenue in searches. The trojan stood out because its popularity helped Mac users realize that though Apple products have predominantly been the “safer” option between a Mac and a PC, they are not invincible. Flashback also exploited a hole in Java, which was later patched by Apple.

As Cnet notes, Oracle only updates its Java runtime software once a quarter and doesn’t often deviate from that pattern. Thus, the only way to really ensure your safety against the vulnerability is to fully uninstall Java 7. This may be a pain for some who use it regularly, and for them third parties may come out with patches of their own, but otherwise it’s probably a good idea to take it offline before someone really exploits the hole.

via Cnet; Oracle image via Peter Kaminski/Flickr

Copyright 2012, VentureBeat


