Apple Rolls Out New Update Patch, Combating Mac Flashback Trojan’s Java Exploit

Apple Inc.

Apparently Apple has just rolled out a new Java security patch which addresses the Mac Flashback Trojan’s Java exploit, because I has just updated my MacBook Pro with this patch through Software Update.  This is one quick patch that Apple has rolled out, and Mac users definitely are going to be safer than before in regarding to using Java on Mac OS X.  Still, you never know that sometimes in the near future another trojan might be able to find another exploit through Java, therefore the security philosophy that I have came to practice religiously is to deactivate what you don’t need — only activate the things you need and activate the things you don’t need at the time of having such needs.  Cnet has a nice article (How to check for and disable Java in OS X) which explains to you how to deactivate Java in Mac OS X.  One of the tips from this article stands out is how it mentioned of Java Preferences utility.  Through Java Preferences utility, you can basically disable Java from running on your Mac system.  So, even with the new patch is ready for you to download and update so Mac Flashback Trojan won’t be able to invade your Mac system, I still think you need to deactivate Java from Java Preferences utility.  Only reactivate Java from Java Preferences utility when you really have to use Java (i.e., an application that must have Java runtime environment activated in order for the application itself to be functioning)!  Check the screenshots below to see how you can find Java Preferences utility!  The screenshots below will also show you how to disable Java through Java Preferences utility!

  

Source:  http://reviews.cnet.com/8301-13727_7-57408841-263/how-to-check-for-and-disable-java-in-os-x/?part=rss&subj=news&tag=title

Latest Mac Flashback Trojan Threatens Mac Users With Java Enabled

Mac?!

Mac?! (Photo credit: Kramchang)

It’s being reported that the newest version of Mac Flashback Trojan can now exploit Java engine in Mac OS X, all versions of Mac OS X I guess.  It bypasses the administrator privilege protection, and so it can install itself onto any Mac machine with Java enabled without the need to use an administrator password.  As now, Apple has yet to release a security fix to counteract Mac Flashback Trojan’s Java exploit, therefore I think it’s best for you to disable Java plugin for your browsers!

Should you disable Java on Mac altogether?  Yes, but unfortunately Java is so interconnected with Mac OS X (all versions), therefore I do not yet know how to disable Java on Mac.  If you know, please write a comment or two and share your knowledge with my blog’s readers.  Anyhow, the easy quick fix for now is not to use Java in any browser that you use on Mac.

Without further ado, now I’m going into how to disable Java on the most popular browsers that you can use on Mac.  These browsers will have to be Safari, Firefox, Chrome, and Opera!  So check the instructions below…

  • Safari – disable Java, you need to go to Safari > Preferences > Security > and uncheck the box that says Enable Java.
  • Firefox – disable Java, you need to go to Tools > Add-ons > Plugins > and disable the Java Applet Plug-in plugin.
  • Chrome – disable Java, you need to type in about:plugins in the browser address bar and disable the Java plugin.
  • Opera – disable Java, you need to go to Tools > Advanced > Plug-Ins > and disable the Java Applet Plug-in.

Please don’t confuse Java with Javascript!  These two are different from each other!  Nonetheless, let me digress a little.  Javascript can also be dangerous sometimes, therefore you can disable Javascript by using popular extensions that are made available for certain popular browsers!  In Firefox, you can use Noscript extension.  In Chrome, you can try out the ScriptNo extension.  I don’t know any extension that can disable Javascript for Safari and Opera.

Sources: