"Update Now" Notification for Apple

Last Updated: 01/10/2018

Security Notice Level

SEVERE

Malicious software, referenced in media reports and antivirus vendors as Flashback, is reportedly infecting Apple Macintosh machines when users browse the internet and encounter maliciously crafted web sites. The attack uses a vulnerability in Java for OS X for which Apple provided a patch on April 5, 2012.

Once the malicious software has been installed attackers attempt to steal personal information including passwords, banking information and more. The malicious software will also contact a command and control server to download additional malware or instructions. This malware can be used to continue the outbreak and to control the end users machine without their knowledge or permission.

The IT Security Office advises updating as soon as possible. Updates may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads website.

Update: April 13, 2012

We are continuing to see reports of new Flashback variants which are causing problems for the Flashback detection utility we had previously posted on this Security Notice. IT Security has been monitoring network traffic for indications of infected systems.If we believe your system is infected, we will contact you and ask you to contact our IT Service Center.

As a reminder, the university will never send email asking for your highly confidential data (e.g. passwords, SSNs, credit card numbers, etc.) and you should be suspicious of messages that direct you to provide this information.

Update: April 17, 2012

Apple has released a Flashback Removal Tool as an update to OS X Lion (10.7) and updates for Java on Mac OS X 10.6 that include a Flashback Removal Tool. These updates address vulnerabilities that could allow malicious users to execute arbitrary code, steal highly confidential data and take control of affected computers. Learn more.

Network Connect Known Issue Related to Java Update

This Java update disables the Java applet plug-in by default in Java Preferences. As you may know, the campus’s Network Connect VPN requires that the Java applet plug-in be enabled in order to connect. Learn more about this issue and how to enable the Java applet plug-in.

Affected Software

  • Mac OS X v10.6.x
  • Mac OS X Server v10.6.x
  • OS X Lion v10.7.x
  • OS X Lion Server v10.7.x

Additional Information

Security Bulletin Names:

  • APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7
  • Released: April 3, 2012