Apple Changes Security Playbook With Flashback Response

Published: 22/11/2024   Category: security



Responding to malware spread by the huge Flashback botnet, Apple has for the first time come clean about a threat before it's readied a fix. Is it a new security day in Cupertino?



Stunned by the revelation that 1% of all OS X Macs may have been hijacked by a Java botnet named Flashback, in the largest Apple malware outbreak in history? For Mac security watchers, that's nothing compared with the first-time revelation from Apple--wait for it--that it's still coding a fix for a security issue.
"Apple has--apparently for the very first time!--talked about a security problem before it had all its threat response ducks in a row," blogged Paul Ducklin, head of technology for Sophos in the Asia Pacific region.
Indeed, in a security bulletin titled "About Flashback malware" released Tuesday, Apple said that it's taking direct aim at the malware in two ways: "Apple is developing software that will detect and remove the Flashback malware. In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network."
Apple has historically downplayed any security issues affecting Mac OS X, detailing them only in the release notes for operating system updates. Exceptions--such as last year's outbreak involving fake security software known as MacDefender--are rare. In that case, Apple offered detailed guidance for avoiding the malware, while also acknowledging that it was hard-coding blocking tools into Apple OS X.
So what's behind the more recent security information disclosure shift? For starters, there's the scale of the outbreak. Kaspersky Lab said that last week it saw 670,000 active machines infected with Flashback (aka Flashfake). While that number had dropped to 237,103 by Sunday, the company warned that the botnet remains active. "The decrease in infected bots does not mean the botnet is rapidly shrinking. The statistics represent the number of active bots connected to Flashfake during the past few days--it is not the equivalent of the exact number of infected machines," read a statement released by Kaspersky.
But the Flashback eradication campaign was also personal: at least 274 infected Macs were located in Cupertino.
Here's where the fixes stand: Last week, Apple pushed an update for Mac OS X v10.6 and 10.7, fixing the bug in the Oracle Java software. (Mac OS X automatically checks for updates weekly, but users can trigger updating by running Software Update.)
Users of older Mac operating systems, meanwhile, are still waiting for a permanent fix. Apple said that until that happens, they can disable Java, but is that really feasible? "Suggestions to ditch Java are unhelpful and unlikely for the average user. It is far too ubiquitous," said Adrian Sanabria, a security engineer at Sword & Shield Enterprise Security who's been tracking the outbreak.
Furthermore, quitting Java is hard to do, especially since some software--such as Adobe's CS5 suite, which includes Photoshop and Dreamweaver--requires a Java runtime environment to be installed. Otherwise, they won't run.
Another option is to take direct aim at the malware by using free Flashback detection and removal tools released by Russian antivirus firm Dr. Web. Kaspersky Lab likewise released its own Flashback detection and removal tool.
If the Flashback Trojan infects a Mac, it redirects the computer to a Website that pushes JavaScript that loads a malicious Java applet containing the exploit. But it's interesting to see what will make the malware not install itself. Namely, the malware first scans the hard drive, looking for the Little Snitch firewall, Packet Peeper network protocol analysis software, Apple's Xcode development tools, or one of a number of different antivirus products for Mac OS X, all of which would help detect the threat. For unknown reasons, the application also looks for Skype or Microsoft Office. If it finds any of those applications installed on the Mac, it deletes itself without executing the malicious payload. In other words, using Mac security software, at least in the case of this malware, pays off in more ways than one.
On the outbreak scale, how does Flashback rank compared to malware seen on Windows? What's notable is that Apple has been pushing operating system updates to nuke the threat, meaning that users of current versions of Mac OS X are seeing fixes get automatically installed. By comparison, Windows users must still rely on antivirus add-ons to help them spot and block such threats.