A variant of the Flashback malware that takes advantage of the well-known vulnerability has been spotted on the Internet, Helsinki, Finland-based F-Secure reported Monday. Oracle, which controls the Java platform, released an update in February that patched the flaw for Windows. Apple, which handles all Java updates on the Mac, has yet to follow suit.
Apple did not respond to requests for comment.
To avoid infection, F-Secure advised disabling Java on the Mac. "Please do so before this thing really becomes an outbreak," the vendor said. F-Secure has published a how-to on disabling Java.
Flashback, which targets the Safari and Firefox Web browsers, is designed to steal passwords to online banking and other Web sites visited by users of an infected Mac. The first version of the malware, discovered last September by security vendor Intego, disguised itself as an Adobe Flash Player installer that appeared when a person visited a malicious Web site. Several variants of the malware have been found on the Internet since the initial discovery.
Cybercriminals have been busy preparing to take advantage of the vulnerabilities listed in Oracle's latest patch release. That's because people are notoriously slow in updating the Java platform on their computers. Security vendor Rapid7 says from 60 percent to 80 percent of computers are running older versions of Java.
Last week, an updated version of BlackHole, a software toolkit popular among cyber-criminals, was discovered on the Web with malicious code targeting the Java vulnerabilities addressed by Oracle. The kit, typically installed in a hacked or malicious Web site, is capable of attacking multiple plug-ins in the browsers of people visiting the site.