After almost two weeks since the last updates released by Apple to remove the Trojan Flashback, a new malware attacks OS X systems through Java exploit, drawing Apple to the drastic decision of disabling the Java environment.
The threat, named Backdoor.OSX.SabPub.a by Kaspersky, sends to its creators information form an infected system through screenshots and it seems to originate from China. Costin Raiu from Kaspersky also informed that the malware appears to use the Exploit.Java.CVE-2012-0507.bf vulnerability and that the source of the attack proved to be an infected Word document containing a statement from Dalai Lama.
“In case you are wondering, the name of the file (“10th March Statemnet”) is directly linked with the Dalai-Lama and Tibetan community. On March 10, 2011, the Dalai-Lama released a special statement related to Anniversary of the Tibetan People’s National Uprising Day — hence the name.”
As attackers are using security flaws from Java to access Mac hardware, Apple’s decision of disabling both the plugin and the Java Web Start applet fitted the bill. Apple also decided to no longer ship OS X Lion with Java pre-installed, leaving the usage of it at the users’ choice.