I think my iMac may have been compromised by that Java version 6 security issue
Sosa
Mar 11, 2013, 11:56 PM
 
A few weeks ago I thought I had downloaded the update to version 7 but after more strange behavior (freezing and just random issues) I checked again and apparently had version 6 the whole time. I checked using instructions from an article on Macworld on how to disable Java, deleting the JavaVirtualmachines folder from Library. Also went to preferences and unchecked "enable java" from the java security pane opened via Preferences/Java. It said however that Java was being disabled only on this browser as an administrator would be needed to disable it on all accounts on the iMac... well, I am the administrator?

So, how do I check if my computer has been compromised? How do I find out if someone has gotten root access?

Console is giving me messages such as:
3/11/13 11:56:58.111 p.m. sandboxd[421]: ([419]) mdworker(419) deny mach-lookup com.apple.ls.boxd
3/11/13 11:56:58.000 p.m. kernel[0]: Sandbox: sandboxd(421) deny mach-lookup com.apple.coresymbolicationd

Also system update has for the last few weeks given me an error message on an update to iTunes 11.0.2...
3/12/13 12:01:06.967 a.m. iTunes[442]: _NotificationSocketReadCallbackGCD (thread 0x7fff77923180): Unexpected connection closure...


Thanks,

Sosa
2011 iMac 2.7 i5, 16gb RAM, 1TB HD
Previous Macs: Apple IIc+, iMac 350 G3, iBook 700 G3, G4 Powerbooks 12" 1ghz & 15" 1.67ghz
     
Sosa  (op)
Mar 12, 2013, 01:00 AM
 
Ok, I was able to install version 11.0.2 (26) of iTunes after following this thread:
https://discussions.apple.com/message/21364627#21364627

Also changed the password of the root account and deleted one user account that was running programs even though the user was logged off. Of course Activity Monitor still shows one process from "nobody" called warmd and a whole bunch of other processes not mine, including many root processes. Is this normal?
     
BLAZE_MkIV
Mar 12, 2013, 01:36 AM
 
I have a warmd running under the user nobody. Just an FYI: those Java exploits were for the Java browser plugin. You don't need to delete Java itself, just the plugin. How often do you open jar files from strangers? I'd bet never.
     
Sosa  (op)
Mar 12, 2013, 02:04 AM
 
Well I've done a lot of checking using F-Secure's website articles and it doesn't appear I had the Java infection, but I'm still getting these console log messages:

3/12/13 2:03:55.972 a.m. mdworker[1454]: Unable to talk to lsboxd

3/12/13 2:03:56.024 a.m. sandboxd[1456]: ([1454]) mdworker(1454) deny mach-lookup com.apple.ls.boxd

3/12/13 2:03:56.000 a.m. kernel[0]: Sandbox: sandboxd(1456) deny mach-lookup com.apple.coresymbolicationd

Wish I knew what it meant!
     
Thinine
Mar 12, 2013, 02:39 AM
 
Those are relatively normal log messages which just mean that parts of the system aren't getting the correct sandbox rules. Shouldn't affect anything aside from repeated log messages.
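
For triaging Console output like the lines quoted in this thread, the following added example (not part of any post above) parses sandbox denial lines, collapses repeats by process, operation and target, and lists anything outside a baseline. The `BASELINE` set is an assumption built from the two denials that the reply above calls relatively normal; the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample: the console lines quoted in the posts above.
SAMPLE_LOG = """\
3/11/13 11:56:58.111 p.m. sandboxd[421]: ([419]) mdworker(419) deny mach-lookup com.apple.ls.boxd
3/11/13 11:56:58.000 p.m. kernel[0]: Sandbox: sandboxd(421) deny mach-lookup com.apple.coresymbolicationd
3/12/13 12:01:06.967 a.m. iTunes[442]: _NotificationSocketReadCallbackGCD (thread 0x7fff77923180): Unexpected connection closure...
3/12/13 2:03:55.972 a.m. mdworker[1454]: Unable to talk to lsboxd
3/12/13 2:03:56.024 a.m. sandboxd[1456]: ([1454]) mdworker(1454) deny mach-lookup com.apple.ls.boxd
3/12/13 2:03:56.000 a.m. kernel[0]: Sandbox: sandboxd(1456) deny mach-lookup com.apple.coresymbolicationd
"""

# Line layout: "<date> <time> <a.m.|p.m.> <sender>[<pid>]: <message>"
LINE_RE = re.compile(
    r"^\d+/\d+/\d+ [\d:.]+ [ap]\.m\. "
    r"(?P<sender>[^\[\s]+)\[\d+\]: (?P<msg>.*)$"
)
# Denial body: "<process>(<pid>) deny <operation> <target>"
DENY_RE = re.compile(r"(?P<proc>[\w.\-]+)\((?P<pid>\d+)\) deny (?P<op>\S+) (?P<target>\S+)")
# Assumption: (process, target) pairs treated as known noise, taken from
# the two denials in this thread. Adjust to your own machine's baseline.
BASELINE = {("mdworker", "com.apple.ls.boxd"), ("sandboxd", "com.apple.coresymbolicationd")}

def parse_denials(text):
    """Return one dict per sandbox denial found in Console-style text."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        d = m and DENY_RE.search(m.group("msg"))
        if d:
            out.append({"reported_by": m.group("sender"), **d.groupdict()})
    return out

def summarize(denials):
    """Count denials per (process, operation, target); PIDs change per run."""
    return Counter((d["proc"], d["op"], d["target"]) for d in denials)

def outside_baseline(summary, baseline=BASELINE):
    """Keep only denial groups whose (process, target) is not in the baseline."""
    return {k: n for k, n in summary.items() if (k[0], k[2]) not in baseline}

if __name__ == "__main__":
    for key, n in summarize(parse_denials(SAMPLE_LOG)).items():
        print(n, *key)
```
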