java

Latest

  • AT&T ready to battle Sprint for push-to-talk supremacy starting in November

    by 
    Mark Hearn
    09.17.2012

    While Sprint's iDEN network is getting the axe in favor of a new CDMA setup, AT&T will soon be sprucing up its near absent push-to-talk services. Targeting a November release with plans starting around $30, Ma Bell's enhanced PTT will be compatible with smartphones running Android 2.3+, BlackBerry 7, Windows Phone 8 and even Java-powered feature phones. In addition to playing nice with a variety of mobile platforms, this new service will also work across laptops, tablets and smart cars.

  • Google releases new Java to iOS source code translator

    by 
    Mat Smith
    09.17.2012

    Developers have their work cut out. Even if we (impolitely) sidestep the likes of Windows Phone, BlackBerry and the rest, those coders often have to pitch their work across web, iOS and Android. Google's trying to make that job a little easier, introducing a new tool that automatically converts Java source code into Objective-C, which is used in iPad and iPhone apps. While the J2ObjC tool can't tackle the UI for these, it does allow developers to craft other parts (including data access and nuts-and-bolts programming) into easily shareable code without editing. Some existing Google projects already utilize the new translator, but its results remain a little temperamental -- the tool hasn't translated all possible paths just yet, and many Java devs have, according to the project page, "a slightly different way of using Java."

  • Java 1.7 zero-day exploit unlikely to impact Mac users (Updated)

    by 
    Michael Rose
    08.28.2012

    Update: In the interest of quantifying the risk to the average Mac user from this exploit (which, please note, does not currently have a Mac-attack payload), I asked for some data from CrashPlan. Since the online/peer backup service requires Java, its userbase represents a good proxy for the Java installed versions on the Mac. Co-founder Matthew Dornquist quickly responded with a random sample of 200K recent users; his numbers show that the overwhelming majority of CrashPlan's Mac users are on Java 1.6 (92%) and a small minority on the older 1.5 version. The percentage on the 1.7 version targeted by the malware? Approximately zero. It's not often that we find ourselves thankful for out-of-date software, but there it is.

    ---

    For a widely distributed runtime like Oracle's Java, a zero-day vulnerability (a security flaw exploited to create malware before the platform's maintainers have a chance to analyze and respond) is your basic nightmare. Millions of computers might be affected while a patch is in progress; security companies and ISPs need to coordinate to update malware definitions and block command-and-control websites. Nothing but aggravation -- and since Java can run on all varieties of operating systems, there's plenty of agita to go around.

    Research shop FireEye identified a Java zero-day exploit this weekend that is already targeting fully patched versions of the Java JRE version 1.7 running on Windows machines. The exploit attempts to install a dropper executable (Dropper.MsPMs) on the machines it attacks. In theory, a separate dropper could be crafted to attack Mac or Linux systems, although none has yet been observed in the wild.

    That's a reason for Mac users to rest a little more easily, but it's not the big one. As CNET points out, the vulnerable edition of the JRE -- 1.7 -- isn't installed by default in a stock configuration of OS X. The Java that Apple delivers on Snow Leopard, Lion and Mountain Lion is JRE 1.6 (and on Lion and Mountain Lion, it's only installed on demand when needed to run Java applications); in order to be on 1.7 and be theoretically susceptible, you'd have to install the Oracle beta build manually... which, hopefully, you'd remember doing.

    Some of the more breathless coverage of this exploit seems to have missed that point; the overwhelming majority of OS X machines are not running the vulnerable version, and any that are should (theoretically) be under the supervision of users who specifically chose to move to the new, yet-to-be-mainstream release.

    If you did install the Oracle build and you're concerned about the new exploit, you can disable the Java plugin in each of your browsers individually, or uninstall 1.7 entirely. While it bears repeating that there is no evidence of a Mac payload for this exploit at this time, if you don't have a specific reason to run the new version then it's probably safest to stick with JRE 1.6 instead (or turn off Java completely if you don't need it). In response to past exploits including Flashback, Apple's Java web plugin is now set to auto-disable when it isn't used for some time, further reducing the attack surface for Mac users.

    [hat tip Seth Bromberger]

  • Malware affecting Macs running older versions of OS X

    by 
    Steve Sande
    07.11.2012

    There's new Java-based Mac malware in the wild, but before you run screaming out the door to buy an antivirus app, read the rest of this post. The new malware, known as GetShell.A, requires you to approve the installation of a Java applet. OS X, being the polite operating system that it is, warns you that the applet is from a root certificate that "is not trusted." If you still decide to go ahead and install this applet, your device will be infected. What's fascinating about this malware is that it is multi-platform. Once you allow the applet to be installed, it downloads platform-specific code for OS X, Linux, and Windows to attempt opening a backdoor on your machine. Here's the interesting thing -- the OS X code won't run without Rosetta on an Intel-based platform as it is a PowerPC binary. That means that any Mac without Rosetta -- basically any machine running Lion or Mountain Lion -- is immune to the malware.

  • Google to pay $0 in damages to Oracle, wait for appeal

    by 
    Sean Buckley
    06.20.2012

    After watching Judge Alsup strike down its patent and Java API infringement claims, Oracle seems to be cutting its losses, agreeing to accept $0 in damages from Google. Confused? So was the Judge, who reportedly responded to the proposal by asking, "is there a catch I need to be aware of?" No catch, but Oracle isn't giving up, stating that it's taking its case to the Court of Appeals for the Federal Circuit. If successful, the appeal could put the two firms back in Alsup's courtroom, perhaps asking for somewhere between the previously proposed $32.3 million and today's sum total of zilch. We'll let you know when the drama comes around again.

  • Oracle v. Google: Judge finds structure of Java APIs not copyrightable, renders jury infringement verdict moot

    by 
    Michael Gorman
    05.31.2012

    Thought the Oracle v. Google litigation fireworks were over? Well, if you weren't aware, during the copyright phase of the trial, the jury found that Google had infringed the structure, sequence and organization of Oracle's Java APIs. However, at the time, Judge Alsup had yet to evaluate the validity of Oracle's API copyright claims upon which that verdict was based. Today, Alsup found that Oracle's argument didn't hold water because it would expand the breadth of copyright holder's rights too far -- in essence, it would allow owners of software code to prevent others from writing different versions to perform the same functions. This ruling renders the jury's earlier infringement verdict moot, and gives Mountain View yet another courtroom victory. Despite this latest defeat, Oracle's sure to run the case up one more rung on the legal ladder, so let the countdown to the appeal begin.

  • Jury issues verdict in Android suit, finds that Google doesn't infringe Oracle patents

    by 
    Zach Honig
    05.23.2012

    It appears that the jury has come to a conclusion in the Oracle v. Google trial, determining that Android does not infringe Oracle patents. Judge William Alsup of the US District Court for Northern California exonerated the search giant following a trial that lasted three weeks, ruling that Google did not infringe on six claims in US Patent RE38,104, along with two claims in US Patent 6,061,520. Jurors were dismissed following today's ruling, with the trial's damages phase reportedly set to begin on Tuesday. According to The Verge, the jury did determine that Google was responsible for two counts of minor copyright infringement, relating to the order of Java APIs and several lines of rangeCheck code, which could be matched with a maximum penalty of $150,000 for each count. Regardless, it appears that the lawsuit, which dates back to 2010, when Oracle filed against Google for copyright and patent infringement related to Sun's Java code, could finally be coming to a close.

  • Apple issues Leopard update with Flashback removal tool

    by 
    Jason Hidalgo
    05.15.2012

    Folks still rocking Apple's Leopard may have been feeling left out after Lion and Snow Leopard both got an update for addressing that Flashback malware. If you're one of them, you'll be glad to know that Apple has finally issued a Leopard fix that comes with a removal tool for the vulnerability afflicting its big cats. In addition to a 1.23MB Flashback update, Apple also released a second 1.11MB fix for Leopard that disables versions of Adobe Flash Player that don't have the requisite security updates. Both should further whittle down the number of Apple computers affected by the Flashback trojan. For the actual updates, feel free to pounce on the source links below.

  • Xamarin's XobotOS opens prospect of Android port to C#, can of worms

    by 
    Steve Dent
    05.04.2012

    Would it be ironic if Android developers did an end-run around Microsoft patents by using Microsoft's own C#? Or if Google kiboshed its Oracle brouhaha with the aid of none other than Redmond? We're asking because Xamarin, the wacky open source implementer of .NET, has ported Android to Microsoft's C# with its XobotOS project. Although just an experiment and unlikely to solve Google's issues, the team showed that running the robot on C# instead of Java gave fewer coding limitations, better battery life and direct graphics access. Additionally, Xamarin reports "massive" speed gains on its HTC Flyer and Acer Iconia when running the side-project port -- no surprise given C#'s machine heritage. Sure, it's pure speculation that Mountain View and its developers would ever change their Java MO, but a little patent relief and faster Android devices in one kill shot? That's a sweet idea.

  • Flashback was earning about $10K per day

    by 
    Steve Sande
    05.01.2012

    People often wonder about what motivates the creators of malware. In the case of the Flashback malware that infected several hundred thousand Macs, it turns out that the motivator was money. A post on the Symantec official blog listed the stages of infection from Flashback:

      • A user visits a compromised website.
      • The browser is redirected to an exploit site hosting numerous Java exploits.
      • CVE-2012-0507 is used to decrypt and install the initial OSX.Flashback.K component.
      • This component downloads a loader and an Ad-clicking component.

    That ad-clicking component is what made the money for the scoundrels who wrote the malware. As the Symantec post explains, the malware specifically targets searches made on Google. Depending on the search query, the malware redirected the Mac user to another page chosen by the attacker, and the attacker received revenue from the click-through. Since Google never received the intended ad click, they lost revenue.

    Symantec analyzed a similar botnet last year and determined that about 25,000 infected machines could net the attacker about US$450 per day. Based on the breadth of the Flashback attack, they estimated that the malware was earning its creators almost $10,000 per day.

    If you haven't updated your Mac to counteract a possible Java malware attack, or run Apple's free tool for removing the malware from Macs that don't have Java installed, be sure to run Software Update as soon as possible to protect yourself. [via Macworld]

  • Oracle providing direct Java support for OS X, updates to be more timely

    by 
    Steve Sande
    04.28.2012

    Macworld and Ars Technica reported late yesterday that Oracle has announced direct support of Java for OS X. This appears to be a reaction to the rather widespread outbreaks of malware that took advantage of exploits in Java before Apple was able to provide an update. This change has been anticipated for some time, as Apple did not include its own Java in Lion by default. Like the other platforms where Java works, Oracle will be providing updates for future versions of OS X. Oracle's Henrik Stahl announced that the company will be updating Java for the Mac directly and on a release schedule concurrent with other platforms such as Windows, Linux, and Oracle's Solaris OS. Stahl also announced that the Java Development Kit 7 and JavaFX Software Development Kit 2.1 for OS X are now available for download. Support for the Plugin and Web Start elements of Java won't be available until later in 2012 when JDK 7 Update 6 arrives. Oracle also noted that the new versions of Java will only support OS X Lion and higher. [via The Verge]

  • Another Mac Flashback variant out, but still uses same (patched) vulnerability

    by 
    Mike Schramm
    04.24.2012

    We're not quite done with Flashback yet. The good news is that the number of Macs affected by the trojan has gone down greatly, but the bad news is that there's a new variant of it out in the public. It's called Flashback.S, and just like the original, it can worm its way into a Mac's home folder without the admin password. But the new version still just takes advantage of that same vulnerability in Java, and that's already been patched. So if you've updated your Java post-Flashback, there's nothing to worry about. It's been quite a nuisance for Mac owners, however!

  • Flashback infections down from over half a million to under 150,000 in eight days

    by 
    Kelly Hodgkins
    04.18.2012

    According to Symantec, the OSX.Flashback.K infection is declining each day. The current number of infected Macs is now around 140,000, down from 600,000 a week ago. If you think you may be infected, you can run a Flashback removal tool from either Kaspersky or F-Secure. Apple also has a tool for Lion users without Java installed. OS X users should install the latest Java update from Apple, which will protect them from a future infection.

  • Around 140,000 Apple machines still infected with Flashback malware, says Symantec

    by 
    Edgar Alvarez
    04.18.2012

    By now, we're all quite familiar with the Java-driven trojan that's affected thousands of Apple's rigs, and while the numbers seem to have drastically dropped since the first Cupertino fix, there's still a plethora of machines carrying the bug. According to Symantec, the number of infected computers is now at around 140,000, seeing a decline of over 460,000 since April 9th. Still, the security outfit remains puzzled by the fact, as it expected the digits to be somewhere near the 99,000 mark by now. Perhaps this is due to some folks not even being aware of Flashback's existence, or maybe not checking for software updates as often as most of us. Either way, we hope you've already used one of the tools Apple handed you.

  • Another Java trojan for Mac discovered, this time through Microsoft Word

    by 
    Michael Grothaus
    04.16.2012

    Just days after Apple released its official Flashback trojan patch, another Java trojan has been discovered that could possibly infect Macs. The trojan is known as "LuckyCat." As Kaspersky Lab Expert Costin Raiu explains in a blog post, LuckyCat takes advantage of an exploit in Microsoft Word that allows malware to be spread via documents that take advantage of the CVE-2009-0563 vulnerability:

    "One of the biggest mysteries is the infection vector of these attacks. Given the highly targeted nature of the attack, there are very few traces. Nevertheless, we found an important detail which is the missing link: Six Microsoft Word documents, which we detect as Exploit.MSWord.CVE-2009-0563.a. In total we have six relevant Word .docs with this verdict -- with four dropping the MaControl bot. The remaining two drop SabPub. The most interesting thing here is the history of the second SabPub variant. In our virus collection, it is named "8958.doc". This suggests it was extracted from a Word document or was distributed as a Doc-file."

    Currently there are no details on how the average user can detect if they are infected with the LuckyCat trojan, nor how to remove it. One can expect that the Microsoft Word vulnerability will be patched in an Office for Mac update.

  • Apple issues Flashback removal tool for 10.7 Lion systems not running Java

    by 
    James Trew
    04.14.2012

    The Flashback OS X trojan continues to cast a rainy shadow over Mac owners' sense of security, and even though a fix has been released, this was only for what Apple considered "the most common variants." Users of Lion, who don't have Java installed, weren't included in that initial run, but there is a new removal tool just for them. So, if you're running 10.7 and never installed Oracle's virtual machine, make sure you point your browser at the source link below.

  • Flashback removal tool for no-Java 10.7 Lion now available

    by 
    Michael Rose
    04.13.2012

    The security risks of having a Java virtual machine/runtime environment on your Mac have been highlighted over the past two weeks, as the Flashback trojan spread widely by taking advantage of a vulnerability that Oracle had patched months ago -- but that Apple had not. There is a mitigating factor, however, in that Apple does not ship a JVM with Lion; users who need it have to opt in and download it. Today, Apple released a standalone Flashback removal tool for Lion installs that don't have Java. While Apple's Java package has now been updated repeatedly both to patch the exploit and to Flashback-proof the system as a whole, Lion users without Java installed were left out. In theory they could be affected by the Flashback trojan itself even if they weren't susceptible to the specific means of infection that this variant uses. The 356KB download is recommended for all Lion users without Java installed.

  • Apple releases fix for Flashback malware

    by 
    Donald Melanson
    04.12.2012

    It promised earlier this week that a fix was coming, and Apple has now delivered a Java security update that it says removes "the most common variants of the Flashback malware." That update also reconfigures the Java web plug-in to disable the automatic execution of Java applets by default (in Lion, at least -- those still on Snow Leopard are advised to do that themselves), although folks can re-enable that functionality if they choose. As usual, OS X users can download the update through the Software Update application.

  • Apple publishes support page for Flashback malware, is working on a fix

    by 
    Richard Lawler
    04.10.2012

    After the Flashback / Flashfake Mac trojan was exposed by Russian site Dr. Web, Apple has finally responded by publishing a support page about the issue and promising a fix. If you haven't heard by now, the malware exploits a flaw in the Java Virtual Machine, which Oracle pushed a fix for back in February, but Apple didn't patch until a botnet consisting of as many as 650,000 Macs was identified on March 4th. Antivirus maker Kaspersky has confirmed the earlier findings, and released a free tool affected users can run to remove the trojan from their computers. Other than the update already delivered for computers running OS 10.6 and 10.7, Apple recommends users on 10.5 and earlier disable Java in their browser preferences. What isn't mentioned, however, is when its fix is incoming or any timetable on its efforts with international ISPs to cut off the IP addresses used by the network. This is not the first time Macs have fallen prey to malware and, as their market share grows, it will likely not be the last, so don't think just opting for OS X is automatically keeping you a step ahead security-wise. Check the links below for more information about what the malware does, and how to get rid of it.

  • Apple responds to Flashback trojan, promises removal tool

    by 
    Michael Rose
    04.10.2012

    In a tech note published today, Apple discussed the Flashback trojan (past coverage here) and reminded users of OS X 10.6 and 10.7 that they should install the April 3 Java update to remove the vulnerability that the malware uses to infect Macs. For users of OS X 10.5 Leopard or earlier, Apple has not updated Java yet to patch the flaw; in that case, Apple's recommendation is to turn off Java in the browser to guard against Flashback. The note also says that "Apple is developing software that will detect and remove the Flashback malware." No ETA on that yet; in the meantime, the company is working with network service providers to disable or block the command and control servers that Flashback checks in with. [via The Loop] Photo by Joost J. Bakker | flickr cc