New Java-based attack on Mac OS uncovered

By Graeme Burton
17 Apr 2012

Apple's Mac OS X operating system has been targeted by new malware looking to exploit a critical flaw in Oracle's Java platform.

The exploit is related to the Flashback malware that Apple responded to last week by rushing out two urgent updates to Mac OS X to remove it. The updates also deactivated Java – a tacit admission of the seriousness of the threat posed to both PCs and Macs by flaws in Java.

The malware, dubbed SabPub (Backdoor.OSX.SabPub) by Kaspersky Lab, creates a custom backdoor that appears to have been designed for use in targeted attacks, according to Costin Raiu, a Kaspersky Lab researcher. The backdoor contains features to take screenshots of the user's current session and enables attackers to take control of infected machines.

"The Java exploits appear to be pretty standard," wrote Raiu on the Securelist website. "They have been obfuscated using ZelixKlassMaster, a flexible and quite powerful Java obfuscator. This was obviously done in order to avoid detection from anti-malware products."

He continued: "If we are to believe the timestamps from the Java dropper, it was created on March 16, 2012 – so almost one month ago! The dropper Java class appears to have been sent to the ThreatExpert website on April 12th. We detect the Java exploit used in the dropper as Exploit.Java.CVE-2012-0507.bf."

The hackers are likely to be targeting Mac OS because many Apple users believe themselves to be invulnerable to security flaws – partly due to the platform's higher standard of security, but also as a result of "security through obscurity".

However, discovery of the Java vulnerability has led to a slew of new exploits being developed for both Mac and Windows platforms. These include "drive-by" infections when users visit malicious or compromised websites with Java enabled in their browsers.
