A newly-posted Apple support note states:
A recent version of malicious software called Flashback exploits a security flaw in Java in order to install itself on Macs.
Apple released a Java update on April 3, 2012 that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6. By default, your Mac automatically checks for software updates every week, but you can change that setting in Software Update preferences. You can also run Software Update at any time to manually check for the latest updates.
Apple is developing software that will detect and remove the Flashback malware.
In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network.
Additional Information
For Macs running Mac OS X v10.5 or earlier, you can better protect yourself from this malware by disabling Java in your web browser(s) preferences.
Apple’s support note is here.
Related articles:
Apple asks to shut domain belonging to Flashback researcher ‘Dr. Web’ – April 10, 2012
Free app quickly checks your Mac for Flashback trojan – April 10, 2012
Top 10 free ways to secure your Mac – April 9, 2012
600,000 Macs infected with Flashback trojan, 274 in Cupertino; how to check your Mac – April 5, 2012
OS X trojan variant preys on Mac users with unpatched Java – February 27, 2012
Warning: Flashback Trojan horse spreading; Mac users should be wary of Flash installers – September 28, 2011
Apple updates OS X Lion, Snow Leopard malware definitions to address new trojan – September 26, 2011
Why would Apple be so concerned about this…
is Dr.Web telling the truth then?
Apple is always concerned.
I hope the software works for Leopard (10.5)?
Just un-click Java in Safari prefs. Done.
Except if you have to use Java for work.
Yup.
It may be time for Apple to create some kind of virus-trojan detection-and-removal app. Windoze has something called Security Essentials for just that purpose – and it’s free.
While it is clear that the Mac OS is far from becoming a nest of viruses and trojans, this Flashback incident may be a warning that slowly but surely, things may be beginning to change – and that’s not surprising considering that the Mac is no longer a peripheral player in the computer world.
When I read about the Flashback trojan about a week ago, I carefully followed the instructions on how to detect it using Terminal.
I’m OK when using the GUI, but put me in the engine room of the OS and I’m pretty much lost. I didn’t have any problems with Terminal, but that’s not an experience I want to repeat often.
So when an app was released a day or two ago (on github) to detect the trojan, it was such a breeze finding out if my Mac was infected. It wasn’t, but I found the ease of using the app very convenient.
Hopefully, the software Apple is developing will be an updateable and schedulable app that is a simple search-find-remove tool that just works!
With Gatekeeper, any unauthorized app will be disabled, unless a power user goes and changes the settings. So, this will be a non-issue soon.
*advanced user. Not power user. sorry, typo. I’m running on two hours of sleep, and 6 cups of coffee 😀
so Apple’s working on a fix for a problem none of you have (so therefore it doesn’t exist) and that the antivirus companies probably made up in order to spur sells?
Wow! Finally someone who actually isn’t a zombie fanboy. Refreshing. Horse is out of the barn. It’s too late now to close the door. Apple will have to deal with the same problems that all computer users have had to deal with for ever. It was inevitable, you don’t really think that Apple can get this big and stay isolated do you? It’s nice to see that MDN is covering all Apple news. The only way to deal with problems is to address them and talk about them. Constantly praising Apple, as fanboys do, is certainly not constructive. Bout time we get all the Apple stories.
GM, it is a Java vulnerability. You are the one who looks like an idiot, trying so hard to be an anti-fanboy.
You must have grown up on paranoia and cut your teeth on conspiracy theories. Virtually no one gives any creedence to your Chicken Little rants.
I know it’s Java. I doubt you even know what it is? But I got your goat. That was worth the effort. Nothing like a fanboy.
I have to confess that I fell for the Flashback trojan. The installer was very convincing and I wasn’t paying attention when it showed up and I just went ahead and installed it.
Now that it’s gone, I decided to use the Click to Flash plugin for Safari, so the only time Flash content runs at all is when I want it to. It would be much better if Apple just banned Flash from OS X like it did with iOS. Unlike the OpenSource freeks, I want exactly ONE company in control of the OS I use day to day.
Apple to OS10.5 Leopard users on older hardware: drop dead.