Mac Users Vulnerable to Blackhole Exploit Kit

New malicious software has been reported by F-secure that are running on Mac OSX a virus free operating system, the discovered malware is a Trojan horse that are exploiting vulnerability in oracle java component CVE-2012-0507.

Flashback code observed by F-secure (click to enlarge)

This critical vulnerability have been patched by oracle on February 15th but Apple have not yet released the required patch, this made most Mac OSX users open to this kind of malware and especially that a Blackhole exploit kit version is exploiting this vulnerability.

On the other hand if you are looking for a PoC than exploit already developed for the metasploit framework and you can check a video demonstration for the attack, but if you are using Apple system and while there still no patch available I think that it is time to consider the workaround by disabling java on your Apple operating system.

Update, April 4, 2012 at 10:03 am: Apple Update for Java for OS X Lion and Mac OS X

Source : https://www.f-secure.com/weblog/archives/00002341.html

Share
You can leave a response, or trackback from your own site.