A newly posted Apple support note states:
A recent version of malicious software called Flashback exploits a security flaw in Java in order to install itself on Macs.
Apple released a Java update on April 3, 2012 that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6. By default, your Mac automatically checks for software updates every week, but you can change that setting in Software Update preferences. You can also run Software Update at any time to manually check for the latest updates.
Apple is developing software that will detect and remove the Flashback malware.
In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network.
For Macs running Mac OS X v10.5 or earlier, you can better protect yourself from this malware by disabling Java in your web browser(s) preferences.
Apple’s support note is here.