Oh, no!! Apple has a flaw!!



DazzyD
20-05-2012, 09:50 PM
Despite the title I've chosen for the thread, I'm not about to get into the Mac vs PC (or even Mac users vs PC users) debate as that is just a bit of rival banter and this subject is serious and could cause serious issues for Mac/Apple users.

Although there have been a few sporadic malware attacks that have targeted the Apple community in the last couple of years, there's a new bad boy in town and he's already infected lots of machines. In fact, one security firm is suggesting that around 12% of UK Mac/Apple devices have already been infected and the infection is spreading. And it needs to be stopped. Now, the one thing that is letting it spread is the cavalier attitude of the average Mac/Apple user with regards to security. They commonly hold the belief that Apple products are immune to attack due to the fact that Apple control every aspect of the OS, and not allowing third parties to mess with it, that Apple OS is watertight. Well, as the head of one computer security firm has stated, "2012 will be remembered as the year Apple Mac was cracked."

This might sound like the trailer to a film but it's not. It's real. The threat comes from trojan "Backdoor.Flashback.39". It's been infecting Apple devices (not just Macs but also iPhone and iPad) for a while but, because of the scale of the attack, it's only started to get noticed recently. It exploits a flaw in Java which lets the hackers get root level access to the device and can monitor the user's activity and then send the results back to the hacker. It can identify and harvest bank details, passwords, even secret question answers such as the user's mother's maiden name. This information can make a lot of money for the hackers and cause a lot of problems and stress for the victim. And, if this doesn't sound bad enough, the worst part is just how it infects a device. It works by installing malicious code in a "drive-by attack". This means that a device can be infected just by a user visiting a compromised website that has been hacked and the code embedded in the webpage code. The user doesn't even need to download or click anything for the problems to start. So the user won't even know they've been infected until it's too late.

So, what action do Mac/Apple users need to take? First of all, a change in attitude as their devices are now vulnerable to attack on a scale never even imagined before. Then, they need to take precautions. Oracle (the producers of Java) and Apple have released a patch to fix the loophole that lets the trojan in. Make sure that Java has been updated to the very latest version - this is secure. Then, you need to get some protection. If you don't have any anti-virus software then get some! Norton Anti-Virus 12 for Mac is a recommended software suite or, if you're tight ;) then there's a free alternative at:

http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx

I'm not a Mac or Apple user so I can't make detailed recommendations. However, as I've mentioned before, I am an internet security advocate who is very active in the movement to combat internet and computer security threats, internet scams and criminal fraudulent activity (and have been since the days of BBSs!). So, I will pass on my knowledge where I can.

Sources of knowledge include:

http://nakedsecurity.sophos.com/

http://safeandsavvy.f-secure.com/

http://news.drweb.com/?i=2415&c=10&lng=en&p=0

As with any threat, the biggest threat is naivety. So, share this knowledge with your Apple/Mac-owning friends, family and colleagues and help make the internet a safer place!

Vectis
20-05-2012, 10:25 PM
Good advice.

Probably worth adding though that Java isn't installed by default on OSX Lion, so unless you've specifically added it post-install, then this particular patch is of no consequence.

Jiggles
20-05-2012, 10:46 PM
Never needed Java so never had it installed! BUT to put a curve ball onto this, it's not Apple's fault/flaw, it's Oracle's fault that's caused the security risk.

DazzyD
20-05-2012, 10:58 PM
Never needed Java so never had it installed! BUT to put a curve ball onto this, it's not Apple's fault/flaw, it's Oracle's fault that's caused the security risk.

That's partly true. The fault did lie with Java but, in their defence, Oracle released a fix as soon as they could and this helped to restrict the effect of the threat with PCs. However, it would appear that Apple have to OK any updates to products/services that are used on their OS but they were really slow on actioning this which has resulted in more Apple devices being infected than, perhaps, could have been. This isn't a new malware threat. It was first identified in 2011 but Apple have not taken any action until the last few weeks.

So, it could be said, the current scale of the problem really does lie at Apple's door.

Megamix
21-05-2012, 09:49 PM
I thought I'd try the Sophos one - but alas it made my iMac grind to a halt

Stu
21-05-2012, 10:32 PM
Is there anything I need to do to protect my iPhone from attack?

I'm just about to update the OS to the latest one, should I do this as normal or not?

DazzyD
21-05-2012, 10:49 PM
Hi Stu

I've looked around the security organisations' websites and cannot find any specific reports of any iPhones being compromised although my original source of information suggested that infected iPhones were a definite possibility.

As for should or should you not update your iPhone's OS, then the simple answer is yes, you should. By installing OS updates, you are installing the latest fixes for any problems and this includes security issues. You should always keep your system up to date as an out of date system is a lot more vulnerable to security attacks. The fact that a large number of users don't keep their systems up to date is one that a lot of virus writers consider when they're planning their coding and why malware can linger on for a lot longer than it really should.

Megamix
21-05-2012, 10:56 PM
I had already run all updates, disabled Java as a precaution. I'm going to continue without anti-virus software on my Mac. I run Little Snitch as well.

Jiggles
21-05-2012, 11:09 PM
This security threat cannot affect iPhones seeing as they don't use any Java at all anywhere! So I don't see where this is happening?

yourdj
22-05-2012, 08:18 AM
So what is the update required and which versions have this?

Just clicked update and it has said it's updating 10.5, is this correct? :)

Stu
22-05-2012, 09:18 AM
Thanks Daz, appreciate the advice!

Megamix
22-05-2012, 09:48 AM
From Apple - This update runs a malware removal tool that will remove the most common variants of the Flashback malware. If the Flashback malware is found, it presents a dialog notifying the user that malware was removed.

DazzyD
22-05-2012, 09:54 AM
This security threat cannot affect iPhones seeing as they don't use any Java at all anywhere! So I don't see where this is happening?

Hi Callum

As I know nothing about the iPhone (as I stated, I was only passing on information I've been told about), I'll have to take your word for it.

However, I will say that the article which sparked my interest in the subject stated


if you believe that your Apple Mac, iPhone or iPad is invulnerable, you need to think again.

However, the article was about several threats and not just about Backdoor.Flashback trojan which I have mentioned. Maybe I should have made that clearer at the start so I apologise if I've caused any confusion.

However, I do seem to have got some Apple/Mac users on here (and elsewhere) thinking about the security of their devices which can only be a good thing.

All Apple users can find valuable info, direct from Apple, here:

http://support.apple.com/kb/HT1222

If anyone wants to read the original article that I have referred to, it is in Issue 371 (the latest issue) of Computer Active magazine.

yourdj
22-05-2012, 10:13 AM
It does it in the software update function. This is what it has said:



"This update removes the most common variants of the Flashback malware. If the Flashback malware is found, a dialog will notify you that malware was removed. In some cases, the update may need to restart your computer in order to completely remove the Flashback malware.

To improve the security of your Mac, this update also disables the Java plug-in in Safari. For instructions on how to re-enable it, please visit: http://support.apple.com/kb/HT5241."

Megamix
22-05-2012, 10:18 AM
I don't think Apple users necessarily think they are absolutely invulnerable. However the risks are much less and the trade off to not using anti-virus software to me is more beneficial - but I use other strategies and keep updated etc.