New Java malware affects Macs running Snow Leopard and earlier

More Java-based Mac malware is on the loose, but you need fear only if you’re still running Snow Leopard or an earlier version of OS X. In addition to afflicting older Macs, the exploit targets Windows and Linux machines with the Java runtime installed, too.

As first reported by F-Secure, this new Java malware was discovered on a compromised Colombian Transport website, with a bit of social engineering thrown in for good measure: You need to approve the installation of a Java applet, which OS X will warn you is from a root certificate that “is not trusted,” to get infected.

Once authorized, the exploit downloads additional malicious code from the Web. Security firm Sophos says that the malware then attempts to open a backdoor on your computer, through which hackers could remotely access the machine.

Because the Mac version of the malware runs as a PowerPC app, only Macs that can run PowerPC software are at risk. Since Lion (and Mountain Lion) no longer include Rosetta, the technology that allows Intel-based Macs to run PowerPC software, computers running those versions of Mac OS X cannot be infected.

Mac users may not too fondly experience some flashbacks to the insidious Flashback Trojan horse that affected even fully up-to-date Macs, since Apple hadn’t kept up with Java security updates as rigorously as its competitors. Starting in late April, Java developer Oracle began issuing security updates directly to Mac users at the same time those updates became available for other platforms, bypassing Apple.

Subscribe to the Apple @ Work Newsletter

Comments