MacNN Forums

Sosa Mar 11, 2013 11:56 PM
I think my iMac may have been compromised by that Java version 6 security issue
A few weeks ago I thought I had downloaded the update to version 7 but after more strange behavior (freezing and just random issues) I checked again and apparently had version 6 the whole time. I checked using instructions from an article on Macworld on how to disable Java, deleting the JavaVirtualmachines folder from Library. Also went to preferences and unchecked "enable java" from the java security pane opened via Preferences/Java. It said however that Java was being disabled only on this browser as an administrator would be needed to disable it on all accounts on the iMac... well, I am the administrator?

So, how do I check if my computer has been compromised? How do I find out if someone has gotten root access?

Console is giving me messages such as:
3/11/13 11:56:58.111 p.m. sandboxd[421]: ([419]) mdworker(419) deny mach-lookup
3/11/13 11:56:58.000 p.m. kernel[0]: Sandbox: sandboxd(421) deny mach-lookup

Also system update has for the last few weeks given me an error message on an update to iTunes 11.0.2...
3/12/13 12:01:06.967 a.m. iTunes[442]: _NotificationSocketReadCallbackGCD (thread 0x7fff77923180): Unexpected connection closure...


Sosa Mar 12, 2013 01:00 AM
Ok, I was able to install version 11.0.2 (26) of iTunes after following this thread:

Also changed the password of the root account and deleted one user account that was running programs even though the user was logged off. Of course Activity Monitor still shows one process from "nobody" called warmd and a whole bunch of other processes not mine, including many root processes. Is this normal?

BLAZE_MkIV Mar 12, 2013 01:36 AM
I have a warmd running under the user nobody. Just an FYI, those Java exploits were for the Java browser plugin. You don't need to delete Java itself, just the plugin. How often do you open jar files from strangers? I'd bet never.

Sosa Mar 12, 2013 02:04 AM
Well I've done a lot of checking using F-Secure's website articles and it doesn't appear I had the Java infection, but I'm still getting these console log messages:

3/12/13 2:03:55.972 a.m. mdworker[1454]: Unable to talk to lsboxd

3/12/13 2:03:56.024 a.m. sandboxd[1456]: ([1454]) mdworker(1454) deny mach-lookup

3/12/13 2:03:56.000 a.m. kernel[0]: Sandbox: sandboxd(1456) deny mach-lookup

Wish I knew what it meant!

Thinine Mar 12, 2013 02:39 AM
Those are relatively normal log messages which just mean that parts of the system aren't getting the correct sandbox rules. Shouldn't affect anything aside from repeated log messages.