I'm an author and a developer focused on build tools. I'm currently focusing on Gradle, but I have an interest in all build tools and most development infrastructure. I focus on Enterprise Java, Ruby, and the interface between Systems Administration and Software Development. The focus of my work is to make it easier for individuals to adopt open source software. Tim is a DZone MVB and is not an employee of DZone and has posted 41 posts at DZone. You can read more from them at their website. View Full User Profile

Update Java to Avoid (and Remove) the OSX Flashback Malware

  • submit to reddit

This is something of a public service announcement because we know from our site analytics that 14.29% of you are running OSX. If you run OSX 10.6 or higher and Java, take a quick break and upgrade.

In case you missed it there is a vulnerability in Apple’s version of Java that is fueling the rise of what people are calling the Flashback botnet. According to this Computerworld article, this OSX Flashback botnet is at least 600,000 computers strong and the latest variants of the attack “do not require user intervention”. The advice to fix this Mac vulnerability? Last week a Register article stated that “F-Secure advises users to disable Java, which is not needed to visit the vast majority of Web sites, on their Mac.” Right….. disable Java. Something tells me that’s not effective advice for this developer audience.

If you want to protect yourself, follow Apple’s instructions and upgrade Java. If you are running OSX Leopard or earlier, you are out of luck and you should probably either disable Java or upgrade (really, isn’t it time for an upgrade anyway?). This upgrade from Apple will also remove installed malware if you’ve been compromised. Conclusion: Java developers, all of your OSX machines are belong to Flashback. Upgrade now.

Note: This post references our Security Feed. We maintain a feed of security stories relevant to developers which is isolated from our main blog feed. If you are interested in getting the full feed, read it here.

Published at DZone with permission of Tim O'brien, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)