Posted on 04/03/2012 7:30:16 AM PDT by cartan
Looks like the revenge of the java developers.
the first i ever saw it, I said "java sucks" and I've been saying it ever since.
Swordmaker, I thought you swore this could never happen! Even though mac defender proved it could be done, but now this is just getting out of hand.
I’m sure this isn’t really in the wild or anything like that and is just FUD spread by nonMac users to confuse people. Please tell me the truth behind this because we really can’t believe what anyone says about this stuff except for Apple.
Software is ....well software....exploits are always possible.
I agree, but after hearing for years that this can’t happen to Macs I just figured I’d ask to understand why/how this is possible :-)
I’ve always said if/when Macs get more mainstream they will have more people exploiting the security holes on them.
No, you've been told that Apple OSX viruses don't exist. They still don't. None, zero. This is merely another Trojan horse. Social engineering.
It’s a Trojan horse. No different. . . Taking advantage of outdated software and already closed vulnerabilities on the latest two versions of OSX from at least TWO YEARS ago. It IS no different from MacDefender.
And right, it is no virus, technically. In fact, classical viruses are a thing of the past; it is all trojans, nowadays. Calling it “social engineering,” however, is misleading since the malware gets installed even if you don’t cooperate. (The difference is that if you say “yes,” it gets installed system-wide. If not, it will still run under the user account.)
Not on OSX.6 or OS.7 systems of the past two years... only older OSX.5 systems and older that have not been updated to the newer Snow Leopard and Lion systems.
Incidentally, Apple released a Java Runtime patch to fix this vulnerability for anyone that has Java Runtime installed, including those who may have installed it on Snow Leopard and Lion...
ok so it sounds like OSX is just like every other OS on the market today. I thought it was special and was not vulnerable to attack unless the user entered an admin password and chose to install the malware.
Glad we got that cleared up. Looks like I was right all along. Nice to see you joining me glad to have you on the team.
There’s no such thing as “merely” another Trojan horse. The most widely spread chunks of malware in history were “merely” Trojan horses. Users have always been the weakest link in security, and that’s true on all platforms.
You thought right....
"First it will ask for an administrator password, and if supplied it will install...."
Look, for-q-Clinton, You have been told this repeatedly... quit acting as though this were a new discovery. Quit being so disingenuous... and trollish.
It is a TROJAN... all operating systems are susceptible to Trojans... OSX less so because it has a built in Trojan detection that is NOT dependent on third party add on software for such protection and will identify known Trojans and prevent them from being downloaded or being installed. Apple has already PATCHED the Java Runtime vulnerability this exploit depends on to operate and pushed it out to OSX users. Apple has also already pushed out the signature of this Trojan to its built-in detection system, 24 hours or so after its discovery. Apple users ARE protected.
This is a basic non-story we have seen numerous times when a new variation of an existing (which they said) Trojan is released. The only Apple OSX users who were at risk were those who had not upgraded in the past two years, and who have installed Java Runtime on their previous installations of OSX... even THEN, although it was included with the distribution, the Java Runtime applet was an optional install. Now, Apple does not include it and, if a user wants it, he has to download it and install it.
The number of Trojans in the wild for Apple OSX is now about 20... compared to how many for Windows?
Correction it’s malware as it installs without needing the admin password. If you have the admin password it just makes it even worse for the system.
Funny how that works. I thought the only way to get malware on OSX was via the admin password. Looks like I was wrong or misunderstood what all the macbots told me. I’m glad I didn’t jump on that ship and convince my friends and family to go with OSX because it was malware proof. I’d have egg on my face if I did.
How many for windows? Depends, if I use your definition of always changing to explain away any issues then I could argue 0, but we know that’s not an honest answer just like OSX not being able to be attacked without the user giving up the admin password.
BTW: The slammer virus which is blamed on windows was a SQL issue and not an OS issue. Granted it was a Microsoft server, but as I’ve always said...Windows gets blamed for way more then it deserves simply because it’s easy and the users are ignorant. Many issues with windows is caused from Adobe products, but users will just blame windows.
You thought right.... "First it will ask for an administrator password, and if supplied it will install...."Now go back to the article and read the next sentence, too…
The user would have to give an admin name and password to have it install to affect any system level operations. Even at the user level, the this article uses FUD phrasing by stating "more global" in its description of what the malware could do, if the user installed it in the user's home directory. Exactly what does "more global" mean, for-q-clinton, in reference to what could be done with a system wide installation? NOT much! In fact, very little... the user would still have to have installed the Java runtime applet to even BE vulnerable to this exploit. Do you have any idea what a small fraction of OSX users that is?
I again repeat, this is an ALREADY closed vulnerability, for the past TWO YEARS, affecting a small fraction of OSX users of older OSX Macs, and in addition, Apple has pushed out a patch fixing even THAT vulnerability within a short time of the announcement of its being found. The system now identifies it and prevents its download and/or installation. You are beating a dead horse.
Yes. IF you have user accounts. Not everyone does. In fact of all Mac users I know, they all run as admin. For those that do have user accounts...(from CNET) “the attack does not require admin privileges to complete; however, it does ultimately result in a more obvious infection that will destabilize the system and lead to crashes.”
An “obvious infection” threat ain’t much of one.
Further....”OS X does not come with Java installed by default, and the latest versions of Java should be patched properly so anyone with new or properly updated systems should be safe from these threats...”
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.