Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Java and Flash vulnerabilities mean Macs are no longer safe from security threats

Karen Haslam | March 8, 2013
Recently Apple has taken to blocking Java and Flash via Xprotect, this is not surprising given the alarming number of vulnerabilities discovered so far this year.

Apple has itself been a victim of Java exploits. On 19 February Apple confirmed that some computers belonging to its employees had been targeted by hackers. The hackers were said to be the same group that infiltrated computers belonging to Facebook employees the week before. Both attacks were committed via the same Java vulnerability as the Apple breach.

The company emphasised that: "Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found."

Later that day Apple issued a Java update for Mac OS X 10.7 patching a number of security vulnerabilities as well as scanning for the most common variants of the malware in question and removing them.

Sophos's advice is "get rid of Java altogether" or "ban it from your browser"."Keeping Java out of your browser removes the risk of hostile applets - special stripped-down Java programs embedded into web pages" is the advice in Sophos's Naked Security blog.

Apple also dissuades people from running Java, suggesting: "Enable Java in your web browser only when you need to run a Java web app."

Java has come under fire as the means by which hackers have been able to gain control of computers. In April 2012 more than 600,000 Macs were reported to have been infected with a Flashback Trojan horse that was being installed on people's computers with the help of Java exploits. Apple has already stopped bundling Java with OS X by default. You can read about how to disable Java on your Mac here.

Flash vulnerabilities

Of course Java isn't the only baddy as far as security on the Mac is concerned. Adobe has three times in the past month issued Flash updates. This week Apple began to block out-dated Flash players. This was the second time in a month that the company had blocked Flash unless users install a security update.

When attempting to view Flash content in Safari, users may see the alert: "Blocked Plug-in," says Apple on the web page announcing the availability of the update. If you visit a site that uses Flash to display ads you will see the following message: "Adobe Flash Player" is out of date.

"To help protect users from a recent vulnerability, Apple has updated the web plug-in-blocking mechanism to disable older versions of the web plug-in: Adobe Flash Player" said Apple.

The latest version is Flash 11.6.602.171

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.