Qualys Blog

wkandek

Apple Takes Cool, New Approach to Flashback Trojan

Apple released today a new, quite innovative version of Java for Mac OS X 10.7 and 10.6. It is innovative because the new version does not fix any vulnerabilities, but instead addresses two current problems in the Java on Mac landscape:

  1. it erases the known variants of the Flashback Trojan
  2. it automatically disables Java when it has not been used for the last 35 days. Users then have to re-enable it manually (in Java Preferences) when they need it.

This is exciting, and to my knowledge nobody has done anything like this before. It makes total sense to me: we have been telling users to disable or uninstall Java if they do not need it, but we know very well that only very security-conscious users will do so. Giving the task of monitoring Java use to the computer itself is a great idea and an excellent experiment in computer security. It will be interesting to see how user acceptance of such a measure works out.
