Category Archives: workstation security

Update your OS X Java now

There is a nasty trojan out there. Update your OS X Java now with Software Update (Lion & Leopard)

http://osxdaily.com/2012/04/05/how-to-check-for-the-flashback-trojan-in-mac-os-x/

or disable the Java browser plugin for good (all older variants) with the /Applications/Utilities/Terminal command

sudo rm -rf /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin

For admins: Check remotely with ssh or Apple Remote Desktop

for i in Safari Firefox FirefoxAurora SeaMonkey Opera Google\ Chrome; do if ( defaults read "/Applications/${i}.app/Contents/Info" DYLD_INSERT_LIBRARIES ); then
echo TARKASTA; fi; done

See also https://github.com/hjuutilainen/adminscripts/blob/master/check-for-osx-flashback.K.sh

Installed Java version?

grep -1 VersionString /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Info.plist | tail -1 | sed -E 's,^.*>(.*)<.*$,\1,'

2012-04-15: After the 2nd update and should be 13.7.2 for Snow Leopard or 14.2.2 for Lion

2012-04-16: The update really is important asĀ new variants using the same vulnerability emerge.