April 2, The Register – (International) Mac Java hole exploited by wild Flashback trojan strain. Security watchers have discovered a strain of Mac-specific malware that exploits an unpatched vulnerability in Java. A variant of the Flashback trojan exploiting CVE-2012-0507 (a Java vulnerability) was spotted in the wild, F-Secure warns. Oracle patched the vulnerability for Windows machines in February, but has yet to issue a fix for Mac OS X — creating a window of opportunity for virus writers. F-Secure advises users to disable Java, which is not needed to visit the vast majority of Web sites, on their Mac. Some banking Web sites mandate the use of Java, in which case securityconscious Mac users can re-enable Java for the duration of their session before turning - 17 - it off again, the security firm suggests.
Ali Loney, on April 02, 2012