15 October 2013

A variant of malware known as “Tibet” has recently been identified targeting Apple OS X computers running older versions of Java.

Although malware for Macs is still less common than some other operating systems, it is another reminder that Mac users should be taking precautions to secure their computers.

If you still require Java on your computer, you should ensure you are using the most up to date version of Java which is not affected by Tibet.

If you don’t require Java you should consider disabling or removing it.

About Tibet malware

This new variant of ‘Tibet’ malware targets software called Java which is used in the background of your computer for running some programs.

Previous versions of the Tibet malware worked by disguising an ‘installer’ as a legitimate file for another program, such as Word. (Once you opened the installer, it downloads and automatically installs the actual malware to your computer. It’s sometimes used as a way of avoiding detection by antivirus tools.)

While applications that have not been verified by Apple are normally blocked from running, ruling out the older Tibet versions, the new version circumvents this protection by using Java to launch the program instead. This new variant of ‘Tibet’ malware targets software called Java which is used in the background of your computer for running some programs.

Previous versions of the Tibet malware worked by disguising an ‘installer’ as a legitimate file for another program, such as Word. (Once you opened the installer, it downloads and automatically installs the actual malware to your computer. It’s sometimes used as a way of avoiding detection by antivirus tools.)

While applications that have not been verified by Apple are normally blocked from running, ruling out the older Tibet versions, the new version circumvents this protection by using Java to launch the program instead.

About Java

Java is (confusingly) both a programming language and a software platform owned by Oracle. Applications and websites can require Java to be installed on your computer to function correctly.

Installing Java on your computer essentially downloads a piece of software with two components, a ‘Runtime’ and ‘browser plug-in’.

The Java Runtime (or Java Runtime Environment (JRE)) installs as a piece software on your computer, and allows you to run Java applications on your computer, while the browser plug-in only installs into your internet browser, and allows websites that require Java to function correctly when you visit them.

Oracle provides a more detailed explanation of the different components here.

It’s important to note JavaScript, which also runs in your browser, is a different and unrelated product.

Confirm Java is on your computer.

Check the version of Java on your computer.

If you do wish to use Java on your Mac, you should update to the latest version.
Disabling the Java browser plugin will stop Java from running while using your web browser, which is often the most vulnerable component of this software. You are able to re-enable the plug in again in the future if required.

How to disable Java in your browser.

How to uninstall Java on a Mac.

Protecting your Mac

While viruses for Apple devices have typically been less common than for other devices, this trend is clearly changing.

It is important to treat security on an Apple Mac computer the same as for any other computer. This includes using reputable security software and following best practices for protecting your computer.

The Tibet malware discussed here can only target older versions of Java on OS X systems. You should always carefully evaluate your need for third party software such as Java and if you do not require it, you should consider uninstalling it or disabling it in your browser. you.

More information

Oracle provides useful answers to FAQs on its website, including how to update Java on Macs, set automatic updates and notifications, as well as how to disable Java in your browser and uninstall Java for Macs.

Stay Smart Online advice for securing your computer.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.

Feedback

Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.

Disclaimer

This information has been prepared by Enex TestLab for the Department of Broadband, Communications and the Digital Economy ('the Department'). It was accurate and up to date at the time of publishing.

This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.

The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.

Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.

Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.

CONTACT US

Facebook: www.facebook.com/staysmartonline
Email: staysmartonline [at] dbcde.gov.au
Web: www.staysmartonline.gov.au
You are receiving this message at the address [Email].
Update your profile preferences
If you no longer wish to receive this information, you can unsubscribe.

© 2013 Australian Government. All rights reserved

Connect with Stay Smart Online
  • Facebook.
  • youtube
  • RSS feed