"Fortunately, once it became a problem the company responded quickly." "Why Apple did not deploy these fixes before Mac users were victimized by criminals is unclear," said Chet Wisniewski, a security researcher with U.K.-based vendor Sophos, in a Wednesday blog. The seven-week stretch between Oracle's and Apple's Java updates wasn't lost on security researchers. Flashback.R, as Intego called it, was the first to target an unpatched, or "zero-day," Java bug. Before Flashback.G, Mac malware needed help installing, if only getting the user to enter her administrative password.įlashback.G exploited two different Java bugs, but both of them had been patched months or even years earlier. The earlier Flashback.G, which Intego analyzed in late February, was the first Mac Trojan that didn't require any user interaction. Oracle patched that Java vulnerability - and 13 others - for Windows, Linux and Unix on February 14, but because Apple still maintains Java on OS X.įlashback.R exploits the CVE-2012-0507 Java bug and like earlier versions of the malware, can silently infect Mac users. One of the dozen vulnerabilities, identified as CVE-2012-0507, has been targeted by the Flashback clan of Trojan horses since at March 23, according to Mac-only security company Intego. Java is also present on Macs that have been upgraded to Lion from Snow Leopard. Java may have be on some Lion systems: Users are prompted to install the software the first time they try to run a Java applet. While Apple no longer packages Oracle's Java with its Mac operating system - it stopped that practice with Lion last July 2011 - it continues to issue Java security updates to people running Lion as well as Snow Leopard. Starting (NCController.m:98)20111109211957.584125 Network Connect -windowDidLoad setting user-agent to Mozilla/5.0 (Macintosh U PPC Mac OS X en)ĪppleWebKit/6534.51.22 (KHTML, like Gecko) Network Connect (like Safari)/16007 (DSLoginWindowController.The update applies to Mac OS X 10.6, aka Snow Leopard, and OS X 10.7, better known as Lion. The Network Connect log file is indicating a bus error core (signal 10):Ģ0111109211957.478201 Network Connect DSSignalProxy.panic caught signal 10 (DSSignalProxy.m:205)20111109211957.478225 Network ConnectĭSSignalProxy.panic relaunching /Applications/Network Connect.app/Contents/MacOS/Network Connect for crash reporting I can also confirm that launching from the web portal rather than the local installed Network Connect client works, So, I have a workaround, but the Network Connect functionality is currently broken by the Java update. It accepts my login credentials and passes the host check that our servers do, but instead of then providing our usual prompts/links window to select VPN, etc., the Network Connect window gets put behind other windows and returns to the prompts for login credentials. Network Connect starts up and is able to contact the remote server. I've confirmed on two different Lion macbook pros. Someone is also reporting that the Java update on 10.6.8 also broke this. It broke the Juniper Network Connect VPN client application. Updated OS X Lion (10.7.2) with the Java update from Apple via Apple's network update tool last night.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |