iOS Developer Site At Core of Facebook, Apple Watering Hole Attack 88
msm1267 writes "The missing link connecting the attacks against Apple, Facebook and possibly Twitter is a popular iOS mobile developers' forum called iphonedevsdk which was discovered hosting malware in an apparent watering hole attack that has likely snared victims at hundreds of organizations beyond the big three. It's not clear whether the site remains infected, but researcher Eric Romang dug into the situation and determined that the site was hosting malicious JavaScript that was redirecting visitors to another site, min.liveanalytics. That site had been hosting malware as of Jan. 15."
Mac Users Do a Software Update (Score:5, Informative)
The fix to patch the vulnerability and remove the malware if it's there is available today. Mac users should do a software update.
Re:Okay.... this is a new one. (Score:5, Informative)
Re:Okay.... this is a new one. (Score:5, Informative)
Re:Mac Users Do a Software Update (Score:5, Informative)
The fix to patch the vulnerability and remove the malware if it's there is available today.
The keyword there is "today." The actual Java patch was available earlier, it's just Apple only bothered patching their version of Java until - well, after they got bitten by the vulnerability, apparently. Apple had been content to just say "applets are no longer supported" and leave it at that.
Re:LOL (Score:5, Informative)
Not exactly.
They stopped supporting future versions of Java - namely, Java 7. They still support Java 6.
In theory, by now, Java 6 support should have been dropped and Java 6 should no longer be updated at all. However, due to problems with Java 7, and compatibility issues between Apple Java and Oracle Java on Mac OS X, Java 6 lives on and is still being updated.
The Apple update to Java 6 was delivered through Software Update by Apple as an OS update. Java 6 is still done by Apple. At some point, Apple will drop support for Java entirely and the only way to run Java on Mac OS X will be to install it from Oracle.
In fact, this should have happened already. But it hasn't, yet. The next version of Mac OS X will presumably drop support for Apple's Java entirely, but as of today, it still lives on, and patches for it still come from Apple.