The recent Mac Flashback Trojan attack has jolted iOS users into facing the vulnerability of Apple's presumed-unbreachable operating system.
Flashback was a Java-based attack vector that targeted more than half a million OS X systems, and the infected Macs became remote-controlled botnets.
Apple did come out with the new Java for OS X Lion update that took care of the problem, but as always, it was a few days behind the actual Java update released by Oracle. Within those few days of delay the mischief was done, and millions of Mac users found that their Macs had lost the false aura of impregnable security from malware.
The update released by Apple did a good job: it not only provided a fully patched version of Oracle’s Java SE 1.6.0_31, but also got rid of the Flashback malware.
Apple has also taken measures to prevent further threats by configuring its version of the Java plug-in so that, by default, it does not execute Java applets automatically.
Qualys CTO Wolfgang Kandek said, “We have been telling users to disable or uninstall Java if they do not need it, but we know very well that only very security-conscious users will do so. Giving the task of monitoring Java use to the computer itself is a great idea and it will be interesting to see how user acceptance will work out.”
Although the major reason the malware was able to attack Macs was the delay in getting the Java updates, there are other causes that made iOS vulnerable. A good start is protecting the Macs with proper Intrusion Prevention System (IPS) rules.
Matt Watchinski, vice president of vulnerability research at Sourcefire, told eSecurity Planet, “We provide detection of the exploit that delivers Flashback and detection of post-compromise behavior as well, which then allows us to help enterprises have the proper protection.”
Roger Thompson, Chief Emerging Threats Researcher at ICSA Labs, explained the three essential conditions that make a virus attack successful:
He points out, “The operating system has to be well enough understood that people of hostile intent can write malware. The development system needs to be cheap enough that the people of hostile intent can afford it. The target base needs to be big enough to provide a return on the effort.”
He added, “If you’re missing any of these three, you probably don’t have a virus problem. It is why it is not an issue for mainframes or mini-computers, for example. Mac now satisfies all of those conditions.”