New hole in Java opens doors to more Mac malware

A newly discovered vulnerability in Java 7 may let hackers attack Apple computers, bringing back memories of the recent Flashback trojan that may have been stealing up to $10,000 a day in ad revenue.

The hole was found in Oracle’s latest Java 7 runtime and exploits are already seen using the vulnerability to attack Windows PCs. The virus enters a computer when the user visits a website. That’s it. The website may appear blank, but in the background, the malware is downloading to the computer. According to CNET, some may see the word “loading” over the Java icon for a second.

Because the malware takes advantage of a hole in Java 7, it could lead malware writers to attack Mac systems that also use Java.

“Exploit kits” are now being sold in black markets that include the vulnerability — meaning we could see some real malware taking advantage of the hole soon.

The vulnerability nods to the Flashback trojan, which some say affected hundreds of thousands of Mac computers earlier this year, and gamed Google to steal advertising revenue in searches. The trojan helped Mac users realize that though Apple products have been predominately the “safer” option between a Mac and a PC, they aren’t invincible. Flashback also exploited a hole in Java, which was later patched by Apple.

As CNET notes, Oracle only updates its Java runtime software once a quarter and doesn’t often deviate from that pattern. Thus, the only way to really ensure your safety against the vulnerability is to fully uninstall Java 7. This may be a pain for some who use it regularly, and for third parties may come out with patches of their own. But otherwise, it’s probably a good idea to take it offline before someone really exploits the hole.

via Cnet; Oracle image via Peter Kaminski/Flickr

0 comments