I think my iMac may have been compromised by that Java version 6 security issue
Senior User
Join Date: Feb 2002
Location: Miami
A few weeks ago I thought I had downloaded the update to version 7 but after more strange behavior (freezing and just random issues) I checked again and apparently had version 6 the whole time. I checked using instructions from an article on Macworld on how to disable Java, deleting the JavaVirtualmachines folder from Library. Also went to preferences and unchecked "enable java" from the java security pane opened via Preferences/Java. It said however that Java was being disabled only on this browser as an administrator would be needed to disable it on all accounts on the iMac... well, I am the administrator?
So, how do I check if my computer has been compromised? How do I find out if someone has gotten root access?
Console is giving me messages such as:
3/11/13 11:56:58.111 p.m. sandboxd[421]: ([419]) mdworker(419) deny mach-lookup com.apple.ls.boxd
3/11/13 11:56:58.000 p.m. kernel[0]: Sandbox: sandboxd(421) deny mach-lookup com.apple.coresymbolicationd
Also system update has for the last few weeks given me an error message on an update to iTunes 11.0.2...
3/12/13 12:01:06.967 a.m. iTunes[442]: _NotificationSocketReadCallbackGCD (thread 0x7fff77923180): Unexpected connection closure...
Thanks,
Sosa
2011 iMac 2.7 i5, 16gb RAM, 1TB HD
Previous Macs: Apple IIc+, iMac 350 G3, iBook 700 G3, G4 Powerbooks 12" 1ghz & 15" 1.67ghz
Join Team MacNN.
Senior User
Join Date: Feb 2002
Location: Miami
Ok, I was able to install version 11.0.2 (26) of iTunes after following this thread:
https://discussions.apple.com/message/21364627#21364627
Also changed the password of the root account and deleted one user account that was running programs even though the user was logged off. Of course Activity Monitor still shows one process from "nobody" called warmd and a whole bunch of other processes not mine, including many root processes. Is this normal?
Professional Poster
Join Date: Feb 2000
Location: Nashua NH, USA
I have a warmd running under the user nobody. Just an FYI, those Java exploits were for the Java browser plugin. You don't need to delete Java itself, just the plugin. How often do you open jar files from strangers? I'd bet never.
Senior User
Join Date: Feb 2002
Location: Miami
Well I've done a lot of checking using F-Secure's website articles and it doesn't appear I had the Java infection, but I'm still getting these console log messages:
3/12/13 2:03:55.972 a.m. mdworker[1454]: Unable to talk to lsboxd
3/12/13 2:03:56.024 a.m. sandboxd[1456]: ([1454]) mdworker(1454) deny mach-lookup com.apple.ls.boxd
3/12/13 2:03:56.000 a.m. kernel[0]: Sandbox: sandboxd(1456) deny mach-lookup com.apple.coresymbolicationd
Wish I knew what it meant!
Mac Elite
Join Date: Jul 2002
Those are relatively normal log messages which just mean that parts of the system aren't getting the correct sandbox rules. Shouldn't affect anything aside from repeated log messages.
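Added example, not part of the original thread or any poster's words: a small Python triage script that parses the Console lines quoted in the posts above and groups sandbox denials by the process that was denied, the operation and the target service. The function names and the `known` allowlist are assumptions made for this illustration.

```python
import re
from collections import Counter

# Console lines copied from the posts above.
SAMPLE = """\
3/11/13 11:56:58.111 p.m. sandboxd[421]: ([419]) mdworker(419) deny mach-lookup com.apple.ls.boxd
3/11/13 11:56:58.000 p.m. kernel[0]: Sandbox: sandboxd(421) deny mach-lookup com.apple.coresymbolicationd
3/12/13 2:03:55.972 a.m. mdworker[1454]: Unable to talk to lsboxd
3/12/13 2:03:56.024 a.m. sandboxd[1456]: ([1454]) mdworker(1454) deny mach-lookup com.apple.ls.boxd
3/12/13 2:03:56.000 a.m. kernel[0]: Sandbox: sandboxd(1456) deny mach-lookup com.apple.coresymbolicationd
"""

# "<date> <time> <a.m.|p.m.> <sender>[<pid>]: <message>"
LINE = re.compile(r"^\S+ \S+ [ap]\.m\. (?P<sender>[^\[\s]+)\[\d+\]: (?P<msg>.*)$")
# Both the sandboxd and the kernel form contain "<process>(<pid>) deny <operation> <target>".
DENY = re.compile(r"(?P<proc>[^\s()]+)\((?P<pid>\d+)\) deny (?P<op>\S+) (?P<target>\S+)")


def parse_denials(text):
    """Return one dict per sandbox denial found in Console-style log text."""
    denials = []
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # not in the Console format shown in the thread
        deny = DENY.search(line["msg"])
        if deny:  # lines such as "Unable to talk to lsboxd" carry no denial
            denials.append({"reporter": line["sender"], **deny.groupdict()})
    return denials


def summarize(denials):
    """Count denials per (denied process, operation, target)."""
    return Counter((d["proc"], d["op"], d["target"]) for d in denials)


def unexpected(denials, known):
    """Denials whose process is not in `known`, a reviewer-supplied set (assumption)."""
    return [d for d in denials if d["proc"] not in known]


if __name__ == "__main__":
    found = parse_denials(SAMPLE)
    for (proc, op, target), n in summarize(found).most_common():
        print(f"{n}x {proc} denied {op} -> {target}")
    # Hypothetical allowlist: the two system processes seen in the thread.
    print("needs a closer look:", unexpected(found, {"mdworker", "sandboxd"}))
```

On the lines quoted in the thread, every denial is a `mach-lookup` by `mdworker` or `sandboxd`; none names a Java process.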