osx java security update, part 2

updating the previous post, i checked out apple’s separate flashback malware remover released yesterday. the release notes say it requires 10.7 and recommends installing on machines without java installed. does this malware even work without java installed?

installing it on my 10.7.3 test box didn’t do much. since it’s not infected, it looks like the behavior is exactly the same as the bundled payload in the java security pkg. it installs, checks, then remove its components if there’s nothing to do. there are a few log entries that show its check status and a reference to xpchelper, which is part of apple’s xprotect that’s supposed to deal with malware.

Apr 14 11:12:58 buckethead xpchelper[2449]: could not open dyld map file: (null) Apr 14 11:12:58 buckethead com.apple.launchd[1]: System: Could not find requested session: Aqua Apr 14 11:13:00 buckethead MRT[2468]: MRT finished scan. Malware files were not found. Apr 14 11:13:00 buckethead MRT[2468]: FAILURE: Job com.apple.mrt.uiagent is not loaded in launchd. Apr 14 11:13:00 buckethead MRT[2468]: Error: SMJobRemove: The operation couldn’t be completed. (kSMErrorDomainLaunchd error 6 - The specified job could not be found.)

looks like this is all they want the removal tool to do. it won’t run as a service, instead doing a one-time scan before committing hara kiri.

a rock, a paper, and a goat

a love story

Comments