A second variant of the Mac OS X Trojan referred to as Backdoor.OSX.SabPub.a or SX/Sabpab-A is exploiting a Microsoft Word security hole, not the usual Java vulnerabilities used before.
Just a few days ago, a new Mac OS X Trojan was spotted in the wild that exploited Java vulnerabilities and required no user interaction to infect your Apple Mac, just like the Flashback Trojan. Kaspersky referred to it as “Backdoor.OSX.SabPub.a” while Sophoscalled it at “SX/Sabpab-A.” Now, both security firms have confirmed a different variant of this new Trojan that infects Macs by exploiting Microsoft Word, not Java.
Sophos detects the malicious Word documents as Troj/DocOSXDr-A and points to the following Microsoft Security Bulletin: MS09-027. Kaspersky meanwhile points to this security bulletin for the same Microsoft Word security hole: CVE-2009-0563.
So, it looks like uninstalling Java or disabling it is not the biggest threat afterall. 😉 Now you need to upgrade your Microsoft Office software to protect you from this.
Very important to do, and updating your Java is very important too through Apple Software Updates as Apple put out another update that not only fixed the problem, it also removed the malware infection if found.
Better late than never? Apple has released the third Java update in a week for Mac OS X, and this one contains the tool to remove the Flashback malware from infected systems. Beneath the belated fix to help users eradicate the threat, Apple has introduced a proactive approach to reducing security risk, and other vendors should take note.