Apple has released another fix for Java that is also designed to remove several of the variants of the Flashback Trojan that have been plaguing Mac users for months now. The update, released on Thursday, is the latest in a series of attempts by the company to address the Flashback situation.
The most recent update from Apple is in essence a removal tool that rides along with a Java update, and the company said that the fix also changes the way that OS X handles Java applets.
“This Java security update removes the most common variants of the Flashback malware. This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets,” Apple said in its advisory.
The Flashback malware has been exploiting a pair of vulnerabilities in Java for several months now, and in that time hundreds of thousands of Mac users have been infected by the malware. At its height the Flashback botnet comprised more than 600,000 machines, and researchers have said that there are a huge number of Mac users out there who are running older, vulnerable versions of Java, making them potential targets for Flashback.
Apple has come under sharp criticism from security researchers and others, who have questioned the company’s seemingly slow response to the Flashback outbreak and lack of communication on the issue until the past week. The company typically doesn’t comment on security vulnerabilities in its products, and it’s not until things reach a head, as they have with Flashback, that Apple will issue a statement or advisory.
Apple is recommending that all Mac users install the new Java update as soon as possible.