Flashback trojan threat ?
Comments please, on the vulnerability of linux to this bit of malware going 'round.
Your thoughts are welcome and appreciated. "Flashback trojan captures over half a million Macs" This headline was copied from a 'Tech-site'. Matthew |
Quote:
|
flashback-java vulnerability
Dear unSpawn,
Thank you for your comments. My question is not about Macs but about Java which I have enabled and the fact that MacOs is unix based. I will be sure follow up on the sites you recommend. Matthew |
Quote:
|
Moderator response
Hi,
@schneidz You should never give advice to remove the filesystem as you did. Not funny nor should something of the sort be given as advice since some uninformed user may perform the said action. Do not do this again! Or you will suffer more than just an infraction or warning. |
Why is this in Linux General if it affects OSX ?
|
Quote:
|
From what unSpawn posted it seems to affect only OSX so far.
|
Quote:
Do you know whether the Java exploit is present in the Linux build? Does the Mac variant do anything if opened using Linux? |
Quote:
* The Oracle page also contains a list of CVE identifiers. So if you have a CVELIST=$('links -dump $URI | awk '/\| CVE-20/ {print $2}'|xargs;') then depending on your distribution you could check if those require fixing and if they are yourself. Per-CVE details are at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-yyyy-nnnn (or www.cvedetails.com/cve/CVE-yyyy-nnnn/) for Red Hat / Centos / Scientific Linux see https://access.redhat.com/security/cve/CVE-yyyy-nnnn (or 'yum --cve CVE-yyyy-nnnn'), for SuSE see support.novell.com/security/cve/CVE-yyyy-nnnn.html, for Ubuntu see people.canonical.com/~ubuntu-security/cve/CVE-yyyy-nnnn, for Debian and .*BSD see http://cvechecker.sourceforge.net and for others, well, you either know how to find your distributions SO bulletins or CVE listings yourself already or your distro maintainer(s) simply may not care. |
Quote:
my point was that this exploit was a trojan that duped users into typing in their administrator password -- even the best security succumb to human ignorance. |
I have not read anything wrong. The report indicates that it is OSX specific. All the paths and software and everything is OSX specific. A separate trojan would have to be written for Linux, because that one wouldn't work.
|
It is not OS X specific .
If you are still running Java with that bug than it can effect you're system . So if you are not running OS X install the latest version of JAVA , Apple used her own version of JAVA , and she was very late in patching JAVA for OS X . |
Quote:
BTW, Slackware 13.37 is still shipping 6u-25 and Slackware-current only has 6u-27, so unless you've updated it yourself, you're most likely exposed to far more than this one vulnerability. |
Quote:
|
All times are GMT -5. The time now is 04:27 AM. |