It’s being reported that the newest version of Mac Flashback Trojan can now exploit Java engine in Mac OS X, all versions of Mac OS X I guess. It bypasses the administrator privilege protection, and so it can install itself onto any Mac machine with Java enabled without the need to use an administrator password. As now, Apple has yet to release a security fix to counteract Mac Flashback Trojan’s Java exploit, therefore I think it’s best for you to disable Java plugin for your browsers!
Should you disable Java on Mac altogether? Yes, but unfortunately Java is so interconnected with Mac OS X (all versions), therefore I do not yet know how to disable Java on Mac. If you know, please write a comment or two and share your knowledge with my blog’s readers. Anyhow, the easy quick fix for now is not to use Java in any browser that you use on Mac.
Without further ado, now I’m going into how to disable Java on the most popular browsers that you can use on Mac. These browsers will have to be Safari, Firefox, Chrome, and Opera! So check the instructions below…
- Safari – disable Java, you need to go to Safari > Preferences > Security > and uncheck the box that says Enable Java.
- Firefox – disable Java, you need to go to Tools > Add-ons > Plugins > and disable the Java Applet Plug-in plugin.
- Chrome – disable Java, you need to type in about:plugins in the browser address bar and disable the Java plugin.
- Opera – disable Java, you need to go to Tools > Advanced > Plug-Ins > and disable the Java Applet Plug-in.
Please don’t confuse Java with Javascript! These two are different from each other! Nonetheless, let me digress a little. Javascript can also be dangerous sometimes, therefore you can disable Javascript by using popular extensions that are made available for certain popular browsers! In Firefox, you can use Noscript extension. In Chrome, you can try out the ScriptNo extension. I don’t know any extension that can disable Javascript for Safari and Opera.
Sources:
- http://www.msnbc.msn.com/id/46933224/ns/technology_and_science-security/
- http://www.maclife.com/article/howtos/how_disable_java_your_mac_web_browser
Related articles
- Mac Java hole exploited by wild Flashback Trojan strain (go.theregister.com)
- New Trojan variant can install without password (macworld.com)
- New Java Attack Rolled into Exploit Packs (krebsonsecurity.com)
- New Trojan variant can install without password (infoworld.com)
- Flashback.G Trojan Targets Macs (pcworld.com)
- Mac Flashback trojan exploits unpatched Java vulnerability, no password needed (arstechnica.com)
- Flashback.G trojan seen exploiting ancient Java vulnerabilities to infect Macs (9to5mac.com)
- New Mac OS X trojan spotted in the wild (zdnet.com)
- New Version of Flashback Trojan Targets Mac Users (apple.slashdot.org)
- Intego finds new strain of Mac Flashback Trojan horse (macworld.com)
- Flashback Mac OS X malware exploiting (old) Java security holes (zdnet.com)
- How Secure Are Macs?, Low End Mac Round Table (lowendmac.com)