Apple Releases Fix For Flashback Malware

Apple has released another fix for Java that also is designed to remove several of the variants of the Flashback Trojan that have been plaguing Mac users for months now. The update, released on Thursday, is the latest in a series of attempts by the company to address the Flashback situation.

The most recent update from Apple is in essence a removal tool that rides along with a Java update, and the company said that the fix also changes the way that OS X handles Java applets.

“This Java security update removes the most common variants of the Flashback malware. This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets,” Apple said in its advisory.

The Flashback malware has been exploiting a pair of vulnerabilities in Java for several months now, and in that time hundreds of thousands of Mac users have been infected by the malware. At its height the Flashback botnet comprised more than 600,000 machines, and researchers have said that there are a huge number of Mac users out there who are running older, vulnerable versions of Java, making them potential targets for Flashback.

Apple has come under sharp criticism from security researchers and others, who have questioned the company’s seemingly slow response to the Flashback outbreak and lack of communication on the issue until the past week. The company typically doesn’t comment on security vulnerabilities in its products, and it’s not until things come to a head, as they have with Flashback, that Apple will issue a statement or advisory.

Apple is recommending that all Mac users install the new Java update as soon as possible.

Discussion

  • Anonymous on

    Apple doesn't comment on security vulnerabilities because they want people to think they don't have any. I guess enough people got infected that Apple couldn't just ignore it and hope it disappeared silently.

    Am I reading this right though? One of the ways that it 'fixes' the vulnerability is to turn off Java execution? That's not really a fix.

  • Anonymous on

    Oracle handles Java, Apple distributes it through their update system, but only for 10.7/10.6 because they want to force users to paid upgrades to the newer operating system versions and then bloat it so they have to buy new hardware. It's what's going on with 10.7 a slow beast and killing older Macs left and right that would have lasted longer on 10.6. 20% are 10.5/104 users are left in the cold for security updates, but Apple upgrades their iTunes and Safari though.
