New Java-based attack on Mac OS uncovered

Apple's Mac OS X has been targeted by new malware that exploits a critical flaw in Java

Apple's Mac OS X operating system has been targeted by new malware looking to exploit a critical flaw in Oracle's Java platform.

The exploit is related to the Flashback malware that Apple responded to last week by rushing out two urgent updates to Mac OS X to remove it. The updates also deactivated Java – a tacit admission of the seriousness of the threat posed to both PCs and Macs by flaws in Java.

SabPub – Backdoor.OSX.SabPub – as it has been dubbed by Kaspersky Labs, creates a custom backdoor, which appears to have been designed for use in targeted attacks, according to Costin Raiu, a Kaspersky Lab researcher. The backdoor contains features to take screenshots of the user's current session, as well as enabling attackers to take control of infected machines.

"The Java exploits appear to be pretty standard," wrote Raiu on the Securelist website. "They have been obfuscated using ZelixKlassMaster, a flexible and quite powerful Java obfuscator. This was obviously done in order to avoid detection from anti-malware products."

He continued: "If we are to believe the timestamps from the Java dropper, it was created on March 16, 2012 – so almost one month ago! The dropper Java class appears to have been sent to the ThreatExpert website on April 12th. We detect the Java exploit used in the dropper as Exploit.Java.CVE-2012-0507.bf."

The hackers are likely to be targeting Mac OS because many Apple users believe themselves to be invulnerable to security flaws – partly due to the platform's higher standard of security, but also as a result of "security through obscurity".

However, discovery of the Java vulnerability has led to a slew of new exploits being developed for both Mac and Windows platforms. These include "drive-by" infections when users visit malicious or compromised websites with Java enabled in their browsers.