MAAS History
Friday, May 06, 2011

Condition Remains GREEN

Disable Java if you do not need it. We are aware of various crimeware kits and tools targeting Windows infrastructure via Java. We have not detected any kits specific to Mac OS X, but Java is a cross-platform environment, which can allow criminals to take advantage of systems regardless of operating system.

In October 2010, OSX/Koobface.A (also detected as trojan.osx.boonana.a) directed users to sites which downloaded mixed code. Flash, Java and PDF vulnerabilities will be the most economical way to deliver working exploits to Mac OS X systems. It is our thinking that Java, due to its cross-OS nature and Apple's own update cycle for it, would be the attack vector platform of choice.

We recommend the following:

  • If you do not need or use Java, then disable it.
  1. In Safari, go to Safari > Preferences > Security and disable Java.
  2. In Chrome, visit chrome://plugins and disable the Java plugin.
  3. In Firefox, go to Tools > Add-ons > Plugins and disable the Java plugin.

If you need to use Java, we recommend reviewing the following settings in /Applications/Utilities/Java Preferences.app:

  • Disable "Allow user to grant permissions to content from an untrusted authority."
  • Disable "Use certificates and keys in browser keystore."
  • Disable "Use personal certificate automatically if only one matches server request."
  • Enable "Enable blacklist revocation check."
  • Enable "Check certificates for revocation using CRL."
  • Enable "Enable online certificate validation."
  • Review Trusted Publishers in the Security pane.

Consider each option based on your specific business needs. For example, if you are developing jars or applets internally, review the signing process to ensure that every internal app or jar used on production systems is properly signed by your organization.
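The Java Preferences.app checkboxes listed above are the Mac front end for the standard Java deployment properties, so the review can be scripted instead of clicked through on every machine. The script below is an added example (not from the original post): it audits a deployment.properties file against the recommended values and reports every deviation. The property names are the standard Java Deployment keys (deployment.security.askgrantdialog.notinca and so on); the assumption is that Java Preferences.app writes them to a per-user deployment.properties file, whose exact location varies by Java version, so pass the path your installation uses. The sample file is constructed inline for demonstration.

```sh
#!/bin/sh
# Audit a Java deployment.properties file against the settings recommended
# above. Added example, not part of the original post. Property names are the
# standard Java Deployment keys; the file path is an assumption, adjust it to
# wherever your Java Preferences.app writes the per-user file.

# Recommended values: one "key=value" per line, in checkbox order.
WANTED='deployment.security.askgrantdialog.notinca=false
deployment.security.browser.keystore.use=false
deployment.security.clientauth.keystore.auto=false
deployment.security.blacklist.check=true
deployment.security.validation.crl=true
deployment.security.validation.ocsp=true'

# audit_java_props FILE
# Prints one line per deviation and returns the number of deviations
# (0 means every recommended setting is present with the wanted value).
# A missing key counts as a deviation: the Java default then applies, and for
# askgrantdialog.notinca that default is the permissive "true".
audit_java_props() {
    file=$1
    bad=0
    while IFS='=' read -r key want; do
        [ -z "$key" ] && continue
        # Take the last assignment of the key (Java honours the last one),
        # drop CR and surrounding whitespace from the value.
        have=$(grep "^[[:space:]]*${key}[[:space:]]*=" "$file" 2>/dev/null \
            | tail -n 1 | tr -d '\r' \
            | sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//')
        if [ -z "$have" ]; then
            echo "$key: missing (Java default applies), want $want"
            bad=$((bad + 1))
        elif [ "$have" != "$want" ]; then
            echo "$key: found $have, want $want"
            bad=$((bad + 1))
        fi
    done <<EOF
$WANTED
EOF
    return $bad
}

# Constructed sample: a user who left most defaults alone and only turned on
# the CRL and blacklist checks in Java Preferences.app.
SAMPLE=$(mktemp)
cat >"$SAMPLE" <<'EOF'
#deployment.properties
#Fri May 06 10:00:00 PDT 2011
deployment.version=6.0
deployment.security.askgrantdialog.notinca=true
deployment.security.browser.keystore.use=true
deployment.security.validation.crl=true
deployment.security.blacklist.check=true
EOF

if audit_java_props "$SAMPLE"; then
    echo "all recommended settings present"
else
    echo "review the settings listed above"
fi
rm -f "$SAMPLE"
```

Run it against the real file rather than the sample by replacing the `SAMPLE` block with the path of your deployment.properties. Because the function returns the deviation count, it drops straight into a fleet check: a non-zero exit from a remote invocation flags the host. The browser side of the recommendation is separate from this file; for Safari, the "Enable Java" checkbox is (to our understanding, treat this as an assumption to verify on your version) mirrored by the `WebKitJavaEnabled` key in the com.apple.Safari defaults domain.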