
Apple Releases Patch for Trojan that Affects 600,000 Macs

Apple released a Java update that brings the version on Macs running OS X to 1.6.0_31. The patch closes multiple vulnerabilities found in the previous Java version, 1.6.0_29. The most serious vulnerability it patches allowed malicious code to be executed when a user visited a compromised website.

Users who visited a compromised website would unknowingly become part of the Flashback botnet. The Russian security firm Dr.Web claims that approximately 600,000 Macs have already been infected. The largest shares are 56.6% in the US, 19.8% in Canada, 12% in the UK, and 6.1% in Australia. Check out the graphic at the top of the article for more.

Apple Macs are not usually vulnerable to viruses in the same way that Windows machines are. There is a myth that Macs are immune to viruses, but they simply are not. There are just a lot more viruses for Windows because there are a lot more Windows machines out there. You should always protect your computer with antivirus software; don’t let overconfidence get your computer infected.

Update: Find out if you are infected by following the steps below:

Manual Removal Instructions

1. Run the following command in Terminal:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

2. Take note of the value, DYLD_INSERT_LIBRARIES
3. Proceed to step 8 if you got the following error message:

“The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist”

4. Otherwise, run the following command in Terminal:

grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step2%

5. Take note of the value after “__ldpath__”
6. Run the following commands in Terminal (first make sure there is only one entry, from step 2):

sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment

sudo chmod 644 /Applications/Safari.app/Contents/Info.plist

7. Delete the files obtained in steps 2 and 5
8. Run the following command in Terminal:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following:

“The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist”

10. Otherwise, run the following command in Terminal:

grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step9%

11. Take note of the value after “__ldpath__”
12. Run the following commands in Terminal:

defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

launchctl unsetenv DYLD_INSERT_LIBRARIES

13. Finally, delete the files obtained in steps 9 and 11.

If you got “does not exist” on step 9 then you are good.
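
The read-only half of the procedure above (steps 1 to 5 and 8 to 11) as a script; this is an added example, not part of the original instructions. The function names are made up for the example, and it assumes the dictionary printed by `defaults read` puts the DYLD_INSERT_LIBRARIES key and its value on one line.

```shell
#!/bin/sh
# Added example (not from the original instructions): read-only check of the
# two DYLD_INSERT_LIBRARIES settings. Function names are hypothetical.

# dyld_from_dict: pull the DYLD_INSERT_LIBRARIES value out of the LSEnvironment
# dictionary on stdin (assumption: key and value share a line, quotes optional).
dyld_from_dict() {
    sed -n 's/^[[:space:]]*"\{0,1\}DYLD_INSERT_LIBRARIES"\{0,1\}[[:space:]]*=[[:space:]]*"\{0,1\}\([^";]*\)"\{0,1\};.*/\1/p'
}

# ldpath_of FILE: printable string stored after __ldpath__ (steps 4 and 10).
ldpath_of() {
    [ -f "$1" ] || return 0
    LC_ALL=C grep -a -o '__ldpath__[ -~]*' "$1" | sed 's/^__ldpath__//'
}

# report LABEL LIBRARY: list the files that steps 7 and 13 would delete.
report() {
    echo "$1: DYLD_INSERT_LIBRARIES=$2"
    ldpath_of "$2" | while IFS= read -r p; do echo "$1: __ldpath__=$p"; done
}

# flashback_check: returns 0 when neither location holds a
# DYLD_INSERT_LIBRARIES value, 1 when at least one does. Deletes nothing.
flashback_check() {
    found=0
    # Step 1: LSEnvironment dictionary in Safari's Info.plist.
    lib=$(defaults read /Applications/Safari.app/Contents/Info LSEnvironment 2>/dev/null | dyld_from_dict)
    if [ -n "$lib" ]; then report "Safari" "$lib"; found=1; fi
    # Step 8: per-user environment file.
    lib=$(defaults read "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES 2>/dev/null) || lib=""
    if [ -n "$lib" ]; then report "User" "$lib"; found=1; fi
    [ "$found" -eq 0 ] && echo "No DYLD_INSERT_LIBRARIES entry found"
    return "$found"
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then flashback_check; fi
```

Run it with `--check`; anything it reports still has to be removed with the commands in steps 6, 7, 12 and 13.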


Learn more about the author of this post:

Sanity
These posts are by the Goblin himself!