New Mac Java vulnerability could be worse than Flashback

Over the weekend, Kaspersky Lab discovered a new Trojan that infects Apple Mac computers, called SabPub or Backdoor.OSX.SabPub.a, reports Mashable. This new malware discovery comes hot on the heels of the highly publicized Flashback virus, which infected more than 650,000 Mac users at its peak.

SabPub spreads via an exploit in Java, like Flashback. However, Alex Gostev, chief security expert of Kaspersky Lab, told Mashable that the similarities end there.

"The Flashback and the SabPub Trojans are totally different," Gostev said. "SabPub is classic backdoor Trojan, so it opens full access to a victim’s system for attackers. Flashback and its known variants is downloader and clickjacking bot, which means it conducts click fraud scam by hijacking people’s search engine results inside their web browsers."

Kaspersky Lab noted that attacks on Mac OS X have increased over time. About 300 variants of Mac malware were detected before 2012, while more than 70 have been detected in just the past three months.

While Apple released a Flashback removal tool several days after that exploit's appearance, users who wish to check for and rid themselves of SabPub don't have to wait for a fix. To remove SabPub from your computer, follow these instructions.

  1. Navigate to the Library folder within your user account.
  2. In the LaunchAgents folder, find and remove the file com.apple.PubSabAgent.plist.
  3. In the Preferences folder, find and remove the file com.apple.PubSabAgent.pfile.
  4. Log out and log back in to clear the files from the system's memory.

Alternatively, you can simply run the following two commands in the Terminal application:

rm ~/Library/LaunchAgents/com.apple.PubSabAgent.plist
rm ~/Library/Preferences/com.apple.PubSabAgent.pfile

Again, log out and log back in after removing the files to clear them from the system's memory.
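
The two rm commands print an error when a file is absent and destroy the sample when it is present. As an added example (not from the original article or from Kaspersky Lab), the script below checks a home directory for the two files named above and moves any it finds into a quarantine folder; the function names, the --check argument and the quarantine location are assumptions.

```shell
#!/bin/sh
# Added example: check for and quarantine the two SabPub files the article names.
# File names are from the article; everything else here is illustrative.

SABPUB_AGENT="Library/LaunchAgents/com.apple.PubSabAgent.plist"
SABPUB_PFILE="Library/Preferences/com.apple.PubSabAgent.pfile"

# Print every SabPub file present under the home directory given as $1.
# Returns 0 if at least one file was found, 1 if none were.
sabpub_find() {
    found=1
    for rel in "$SABPUB_AGENT" "$SABPUB_PFILE"; do
        # -L also catches a dangling symlink, which -e alone would miss
        if [ -e "$1/$rel" ] || [ -L "$1/$rel" ]; then
            printf '%s\n' "$1/$rel"
            found=0
        fi
    done
    return "$found"
}

# Move any SabPub files under home directory $1 into quarantine directory $2
# rather than deleting them, so they stay available for analysis.
# Prints the number of files moved; returns 2 if $2 cannot be created.
sabpub_quarantine() {
    moved=0
    mkdir -p "$2" && chmod 700 "$2" || return 2
    for rel in "$SABPUB_AGENT" "$SABPUB_PFILE"; do
        src="$1/$rel"
        if [ -e "$src" ] || [ -L "$src" ]; then
            mv -- "$src" "$2/$(basename "$rel").quarantined" && moved=$((moved + 1))
        fi
    done
    printf '%s\n' "$moved"
}

# Runs only when invoked as: sh sabpub_check.sh --check
if [ "${1:-}" = "--check" ]; then
    if sabpub_find "$HOME"; then
        n=$(sabpub_quarantine "$HOME" "$HOME/sabpub-quarantine")
        echo "Quarantined $n file(s). Log out and back in to finish."
    else
        echo "No SabPub files found in $HOME."
    fi
fi
```

As with the manual steps, log out and log back in after the files have been moved.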


55 Comments


Brian Miller said,
How do you disable Java completely on the Mac?

Applications -> Utilities -> Java Preferences

then uncheck the checkbox of the "On" column.

AlexMagik said,

Applications -> Utilities -> Java Preferences

then uncheck the checkbox of the "On" column.

Thanks, I'm going to do that this evening. I don't even think I have any Java apps on my Mac.

Just found those files on my Mac!!
FFS Java is such a load of ****, just the fact that the Windows version is currently at 6 Update version 31!, just shows how many vulnerabilities have been found....

Instead of blaming Java, the fault here is Apple not releasing the much needed Java security updates on time.

oh and cut the "java is crap" nonsense. it's useful and there's a ton of applications, ranging from complete bank applications to car diagnostic units, not forgetting the many server applications that exist. Yes java can be slow, sometimes sluggish and memory consuming. But just because you don't use it doesn't mean that the whole world shouldn't be using it.

Praetor said,
Instead of blaming Java, the fault here is Apple not releasing the much needed Java security updates on time.

oh and cut the "java is crap" nonsense. it's useful and there's a ton of applications, ranging from complete bank applications to car diagnostic units, not forgetting the many server applications that exist. Yes java can be slow, sometimes sluggish and memory consuming. But just because you don't use it doesn't mean that the whole world shouldn't be using it.


Apple did release the 1.6.0_31 update. It was back in early April. 1.6.0_31 is the latest Java SE 6 release.

http://support.apple.com/kb/HT5055
http://www.oracle.com/technetw...se/releasenotes-136954.html

dotf said,

Apple are responsible for Java on their platform?

My Java for Windows comes from Oracle, not MS.

Yes, Apple is actually the one responsible for releasing Java instead of Oracle.

Praetor said,
Yes, Apple is actually the one responsible for releasing Java instead of Oracle.

Well I lay the blame solely in Apple's court then.
If Oracle have patched this in their JVM then it is Apple's for not staying lock-step.

giga said,

Apple did release the 1.6.0_31 update. It was back in early April. 1.6.0_31 is the latest Java SE 6 release.

Yeah. April. The security hole has been known since January/February.

I thought Apple releases/maintains its own version of Java...

If so then surely any problems with Java on a Mac is completely Apple's fault.

Blaming this on the alias of "Java" is just misdirecting blame.

Edited by lt8480, Apr 17 2012, 10:06am :

Reading through the comments, I find it kind of amusing how so many people are trying to throw the hot potato between Java, Adobe and Microsoft, while completely avoiding Apple's court.

1. The regular Java runtime was patched a while ago. It is the Apple managed runtime that has the problem.
2. If you are using the regular Java runtime, your Adobe products would not have been affected
3. The office vulnerability was patched in 2009. People who are infected either have not bothered to install the patch/update, or are running a pirated version.
http://arstechnica.com/apple/n...re-preying-on-mac-users.ars

That's my two cents worth anyway.

So, when MS products are "infected" via a 3rd party it's all MS's fault.... when Apple's products are infected the same ways, it's the 3rd party's fault, not Apple's... interesting... in the end the OS still allowed this to happen even though a 3rd party allowed it in

According to a small number of Mac OS X users, apparently that is the case. But you just want to extrapolate that to all Mac OS X users to make your point, so do what you do to make you feel good.

neufuse said,
So, when MS products are "infected" via a 3rd party it's all MS's fault.... when Apple's products are infected the same ways, it's the 3rd party's fault, not Apple's... interesting... in the end the OS still allowed this to happen even though a 3rd party allowed it in

Except Apple controls the Java VM on Macs.
