New Mac Java vulnerability could be worse than Flashback

Over the weekend, Kaspersky Lab discovered a new Trojan, called SabPub or Backdoor.OSX.SabPub.a, that infects Apple Mac computers, reports Mashable. This new malware discovery comes hot on the heels of the highly publicized Flashback virus, which infected more than 650,000 Mac users at its peak.

SabPub spreads via an exploit in Java, like Flashback. However, Alex Gostev, chief security expert of Kaspersky Lab, told Mashable that the similarities end there.

"The Flashback and the SabPub Trojans are totally different," Gostev said. "SabPub is a classic backdoor Trojan, so it opens full access to a victim’s system for attackers. Flashback and its known variants are a downloader and clickjacking bot, which means it conducts click fraud scams by hijacking people’s search engine results inside their web browsers."

Kaspersky Lab noted that attacks on Mac OS X have increased over time. About 300 variants of Mac malware were detected before 2012, while more than 70 have been detected in just the past three months.

While Apple released a Flashback removal tool several days after that exploit's appearance, users who wish to check for and rid themselves of SabPub don't have to wait for a fix. To remove SabPub from your computer, follow these instructions.

  1. Navigate to the Library folder within your user account.
  2. In the LaunchAgents folder, find and remove the file com.apple.PubSabAgent.plist.
  3. In the Preferences folder, find and remove the file com.apple.PubSabAgent.pfile.
  4. Log out and log back in to clear the files from the system's memory.

Alternatively, you can simply run the following two commands in the Terminal application:

rm ~/Library/LaunchAgents/com.apple.PubSabAgent.plist
rm ~/Library/Preferences/com.apple.PubSabAgent.pfile

Again, log out and log back in after removing the files to clear them from the system's memory.
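
The check-and-remove steps above can also be scripted so that the files are kept for later examination rather than deleted. This is an added example, not part of the original article; the function names and the quarantine directory are assumptions, while the two file paths are the ones given in the steps above.

```shell
#!/bin/sh
# Added example: find the two SabPub files named in the article and move
# them aside instead of deleting them, so they can be examined later.

# Paths relative to a user's home directory (taken from the article).
SABPUB_FILES="Library/LaunchAgents/com.apple.PubSabAgent.plist
Library/Preferences/com.apple.PubSabAgent.pfile"

# sabpub_scan HOME_DIR: print each SabPub file that exists under HOME_DIR.
sabpub_scan() {
    home_dir=$1
    printf '%s\n' "$SABPUB_FILES" | while IFS= read -r rel; do
        # -e is false for a dangling symlink, so test -L as well
        if [ -e "$home_dir/$rel" ] || [ -L "$home_dir/$rel" ]; then
            printf '%s\n' "$home_dir/$rel"
        fi
    done
}

# sabpub_quarantine HOME_DIR QUARANTINE_DIR: move every hit into
# QUARANTINE_DIR (a location chosen by the caller) and print the count moved.
sabpub_quarantine() {
    home_dir=$1
    qdir=$2
    moved=0
    hits=$(sabpub_scan "$home_dir")
    if [ -n "$hits" ]; then
        mkdir -p "$qdir" && chmod 700 "$qdir"
        while IFS= read -r hit; do
            mv -- "$hit" "$qdir/" && moved=$((moved + 1))
        done <<EOF
$hits
EOF
    fi
    printf '%s\n' "$moved"
}

# Demo on a constructed home directory, so no real account is touched.
demo_home=$(mktemp -d)
mkdir -p "$demo_home/Library/LaunchAgents" "$demo_home/Library/Preferences"
: > "$demo_home/Library/LaunchAgents/com.apple.PubSabAgent.plist"
sabpub_scan "$demo_home"                                # lists the one planted file
sabpub_quarantine "$demo_home" "$demo_home/quarantine"  # moves it, prints the count
rm -rf "$demo_home"
```

To use it on a real account, call `sabpub_scan "$HOME"` and, if anything is listed, `sabpub_quarantine "$HOME" "$HOME/sabpub-quarantine"`, then log out and back in as described above.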

55 Comments

So, when MS products are "infected" via a 3rd party it's all MS's fault.... when Apple's products are infected the same ways, it's the 3rd party's fault not Apple's... interesting... in the end the OS still allowed this to happen even though a 3rd party allowed it in

According to a small number of Mac OS X users, apparently that is the case. But you just want to extrapolate that to all Mac OS X users to make your point, so do what you do to make you feel good.

neufuse said,
So, when MS products are "infected" via a 3rd party it's all MS's fault.... when Apple's products are infected the same ways, it's the 3rd party's fault not Apple's... interesting... in the end the OS still allowed this to happen even though a 3rd party allowed it in

Except Apple controls the Java VM on Macs.

Reading through the comments, I find it kind of amusing how so many people are trying to throw the hot potato between Java, Adobe and Microsoft, while completely avoiding Apple's court.

1. The regular Java runtime was patched a while ago. It is the Apple managed runtime that has the problem.
2. If you are using the regular Java runtime, your Adobe products would not have been affected
3. The office vulnerability was patched in 2009. People who are infected either have not bothered to install the patch/update, or are running a pirated version.
http://arstechnica.com/apple/n...re-preying-on-mac-users.ars

That's my two cents worth anyway.

I thought Apple releases/maintains its own version of Java...

If so then surely any problems with Java on a Mac are completely Apple's fault.

Blaming this on the alias of "Java" is just misdirecting blame.

Edited by lt8480, Apr 17 2012, 10:06am :

Instead of blaming Java, the fault here is Apple not releasing the much needed Java security updates on time.

oh and cut the "java is crap" nonsense. it's useful and there's a ton of applications, ranging from complete bank applications to car diagnostic units, not forgetting the many server applications that exist. Yes java can be slow, sometimes sluggish and memory consuming. But just because you don't use it doesn't mean that the whole world shouldn't be using it.

Praetor said,
Instead of blaming Java, the fault here is Apple not releasing the much needed Java security updates on time.

oh and cut the "java is crap" nonsense. it's useful and there's a ton of applications, ranging from complete bank applications to car diagnostic units, not forgetting the many server applications that exist. Yes java can be slow, sometimes sluggish and memory consuming. But just because you don't use it doesn't mean that the whole world shouldn't be using it.


Apple did release the 1.6.0_31 update. It was back in early April. 1.6.0_31 is the latest Java SE 6 release.

http://support.apple.com/kb/HT5055
http://www.oracle.com/technetw...se/releasenotes-136954.html

dotf said,

Apple are responsible for Java on their platform?

My Java for Windows comes from Oracle, not MS.

Yes, Apple is actually responsible for releasing Java instead of Oracle.

Praetor said,
Yes, Apple is actually responsible for releasing Java instead of Oracle.

Well I lay the blame solely in Apple's court then.
If Oracle have patched this in their JVM then it is Apple's for not staying lock-step.

giga said,

Apple did release the 1.6.0_31 update. It was back in early April. 1.6.0_31 is the latest Java SE 6 release.

Yeah. April. The security hole has been known since January/February.

Just found those files on my Mac!!
FFS Java is such a load of ****, just the fact that the Windows version is currently at 6 Update version 31!, just shows how many vulnerabilities have been found....

Brian Miller said,
How do you disable Java completely on the Mac?

Applications -> Utilities -> Java Preferences

then uncheck the checkbox of the "On" column.

AlexMagik said,

Applications -> Utilities -> Java Preferences

then uncheck the checkbox of the "On" column.

Thanks, I'm going to do that this evening. I don't even think I have any Java apps on my Mac.

A lot of people ridicule java, flash and the likes despite the fact they can be and are useful.

Good news is that java is not installed by default and can only be installed on request.

Seeing as so many people are infected and it's not installed by default I would say that a lot of people want/need java and therefore install it. No one (esp not mac users) go out of their way to install anything.

The other thing, what's all this biz about "mac's don't get PC viruses"? PC is a personal computer, Macs are PCs. They just got two nasty viruses and there are probably many undetected. I know this is a java issue not a mac one but just cos it's java doesn't mean that the host computer can't be deemed as "uninfectable"

I think Java is installed by default on Snow Leopard, but not Lion. But if you do an upgrade, it might still be installed.

Auzeras said,
Seeing as so many people are infected and it's not installed by default I would say that a lot of people want/need java and therefore install it. No one (esp not mac users) go out of their way to install anything.

Adobe products like Photoshop require Java to be installed because of a background app they use and lack of error checking when the background app can't launch. So Adobe becomes weakest link.

cpp_coder said,
Macs are still virus free, unlike Windows. Proud to be a Mac user cause I use the best OS in the world

Tell that to the 600,000 Macs that got infected with Flashback.

cpp_coder said,
Macs are still virus free, unlike Windows. Proud to be a Mac user cause I use the best OS in the world

http://en.wikipedia.org/wiki/Elk_Cloner

Elk Cloner is one of the first known microcomputer viruses that spread "in the wild," i.e., outside the computer system or lab in which it was written. It was written for Apple II systems around 1982 by a 15-year-old high school student named Rich Skrenta.

cpp_coder said,
Macs are still virus free, unlike Windows. Proud to be a Mac user cause I use the best OS in the world

Enjoy your mac with all of its vulnerabilities Apple doesn't want you to know about.

cpp_coder said,
Macs are still virus free, unlike Windows. Proud to be a Mac user cause I use the best OS in the world

Seriously dude. That kind of ignorance is going to get you into trouble. Don't be a fool. Nothing is 100% secure. Stop making posts like this because it just makes the rest of the Mac OS X user base look just as ignorant as you.

java java java...
seriously nobody should use (or install) that piece of junk of java...

it's not a direct bug of Mac OS X, but a Java bug, that then infects the machine.
Good news is that java is not installed by default and can only be installed on request.

AlexMagik said,
java java java...
seriously nobody should use (or install) that piece of junk of java...

it's not a direct bug of Mac OS X, but a Java bug, that then infects the machine.
Good news is that java is not installed by default and can only be installed on request.

Agree with you. Poor Windows fan boys, they have never used the best OS in the world so they just show their ignorance by saying Macs can get viruses which will never happen because of UNIX, FreeBSD

cpp_coder said,

Agree with you. Poor Windows fan boys, they have never used the best OS in the world so they just show their ignorance by saying Macs can get viruses which will never happen because of UNIX, FreeBSD


UNIX based systems and FreeBSD can get viruses. Macs can get viruses.

cpp_coder said,

Agree with you. Poor Windows fan boys, they have never used the best OS in the world so they just show their ignorance by saying Macs can get viruses which will never happen because of UNIX, FreeBSD

If OS X is the best OS in the world, why is that every time I use it I want to find someone responsible for it and punch them?

AtriusNY said,
Ever heard of sarcasm?

Actually, I don't think cpp_coder was being sarcastic. I really hope I'm wrong though.

Douglas_C said,

If OS X is the best OS in the world, why is that every time I use it I want to find someone responsible for it and punch them?

i was the same as you until i got used to it (about a month of usage at work), now i want to punch anybody that owns a windows, as i wonder why i hated so much before...


but seriously, anybody is free to use what they want, i don't understand why people cry about mac vs pc, is not like they get money if someone switch to the other side, or am i wrong?

AlexMagik said,
java java java...
seriously nobody should use (or install) that piece of junk of java...

it's not a direct bug of Mac OS X, but a Java bug, that then infects the machine.
Good news is that java is not installed by default and can only be installed on request.

The last I checked, this was already patched in Java. This vulnerability attack is a result of Apple taking their sweet time updating their own managed version.

Douglas_C said,

If OS X is the best OS in the world, why is that every time I use it I want to find someone responsible for it and punch them?

Anger issues? See a doctor.

cpp_coder said,

Agree with you. Poor Windows fan boys, they have never used the best OS in the world so they just show their ignorance by saying Macs can get viruses which will never happen because of UNIX, FreeBSD

how did windows or even windows fan boys even get into this conversation about Macs getting Trojans/virus?

cpp_coder said,

Agree with you. Poor Windows fan boys, they have never used the best OS in the world so they just show their ignorance by saying Macs can get viruses which will never happen because of UNIX, FreeBSD

Please stop. You are giving them what they want. Flamebait.

ctrl_alt_delete said,

how did windows or even windows fan boys even get into this conversation about Macs getting Trojans/virus?

Because it's funny to watch Apple fan boys stutter at Starbucks while drinking their mochacappufrappelatte when they read this news.

FoxieFoxie said,
Good news, time to go back to reality and see what Apple is all about

money and not giving a crap what the user wants only what they tell you that you want?

neufuse said,

money and not giving a crap what the user wants only what they tell you that you want?

And Microsoft doesn't overcharge the average consumer for their operating system, giving lack luster features, ripping off OEM's with their "Windows tax"? So go troll somewhere else.

KomaWeiss said,

And Microsoft doesn't overcharge the average consumer for their operating system, giving lack luster features, ripping off OEM's with their "Windows tax"? So go troll somewhere else.

No, it is you that is trolling. He didn't even mention Microsoft, you are just bringing up something off topic.

WWhhaatt??

No snarky "Java is grossly unsecure, therefore, garbage" one-liners, genuine thanks, apathy &/or platform bickering 10 minutes after this was published?

Wow, the Neowin userbase has grown/returned to its old "mature" glory. ;>