Apple releases Flashback trojan removal tool

Apple has released “Flashback malware removal tool” which removes the most common variants of the Flashback malware.

If the Flashback malware is found, a dialog will be presented notifying the user that malware was removed. In some cases, the Flashback malware removal tool may need to restart your computer in order to completely remove the Flashback malware.

This update is recommended for all OS X Lion users without Java installed.

SHA1: d4372b9bb14387a20567817ab7e03ea103fdffc2

See for more details about this update.

See for information about the security content of this update.

More info and download link (356 KB) here.


  1. … boogey only bugger up Lion systems? Or is this Lion-only fix a hint by Apple that “it’s time to move on”?
    My wife’s Snow Leopard system is the most important/sensitive one in the house and the only one yet to be updated.

  2. Wait a minute… do I understand this correctly?

    “This update is recommended for all OS X Lion users without Java installed.”

    Users who have a system that does not have Java installed… need a malware removal tool for a Java exploit?

    1. The Jave update just released 2 days ago has the Flashback removal tool built in and checks your system automatically.

      Anyone else that doesn’t use Jave or have it installed may download this tool, confusing because the explanation given in this article was not clear to all the information.

      Read Apples Support document it will help explain some of your questions.

  3. Go download Sophos free for Mac, update definitions, run full scan, Kill any bad files it finds. It would be best to wait a week, rescan. If you are a Mac malware denier. then throw Sophos in the trash after killed malware on your system.

    At least with “good” Mac AV they have all the definitions and for the most part all the top named AVs will kill ALL the variants, not like Apple’s sorta fix because their tool doesn’t have all the variant definitions. You may have Java unchecked or unloaded but the next guy might not. Lets hope people start to get their software update warnings.

    Oh yea, here comes another Trojan, not of the Flashback variant with authentication bypass. Another load a web page and you are pwnd. If it is not Java, it will be another internet facing vulnerability.

    1. Ted,

      I would not trust Sophos as the bottom line source of what to fear and what not to fear. Sophos has been reporting attacks against the Mac for many, many years. None, until Flashback, were true vulnerabilities that were/are in the wild. (I don’t view Trojans as a true vulnerability. The user has to be stupid enough to activate Trojans, and NO ONE can protect against stupid users.)

      This Flashback hack is real, takes no user action (other than to go to infected sites on the ‘net) and is in the wild.

      Should everyone keep their systems up to date? Should they routinely check for hacks? The answer to both is an unqualified, YES!

      Anyone with any sense knew there would be a day that a true hack on the Mac would be in the wild. That day has come. However, Flashback is so far an isolated case. That’s ONE for the hacker world. Compare that with over 10,000 known hacks in the Windows world.

      I know of a couple large companies (>>10,000 employees) that are so paranoid about their Windows machines that upon start up those machines all automatically run so many different virus scans and such that the machines are virtually unusable for an hour or more. The Mac is no where near there and is not likely to be in the foreseeable future.

    2. Or here’s another idea: don’t download Sophos, don’t get yourself trapped in a PC user-esque state of malware paranoia.

      If you’re worried about Flashback or Sabpab then just type their names into a search engine. You’ll find everything you need to know about detecting and/or removing them, which shouldn’t be difficult at all, not even for a novice. You also might learn something in the process, which you won’t if you just go running to Sophos.

      The best defense of course is to delete or disable Java because it’s a terribe, terrible piece of shit that’s programmed so badly it actually manages to undermine the security of your Mac. Patching it can close the exploit that these trojans use, but ultimately it’s like putting a bandaid over one particular hole in the bullet riddled life-raft.

  4. For those who are asking about this being for those systems that do not have Java installed…

    The most recent Apple Java update (for those that do have it installed) supposedly will fix the Java install AND remove the infection if you have one. Therefore there is no separate infection removal tool/application for those that do have Java installed with their Mac OS system.

  5. Hey, MDN… have you acknowledged that Macs have now been attacked by malware WITHOUT any of us idiots ALLOWING it to be installed on our machines? If so, thank you for your honesty. If not, when will you?

  6. No. 2: Hey MDN… have you also acknowledged that APPLE is acting JUST LIKE beleaguered MICROSOFT in their explanation written in terms specifically designed to say nothing that the average Mac user could possibly follow since what they have said is totally nonsensical? If so, thank you for your honesty. If not, why not?

  7. I just finished listening to Security Weekly episode 283 podcast with Paul Asadoorian, Larry Pesce, and Carlos Peres. Paul and Larry are corporate pentesters, with Paul also being the Tenable Security evangelist and Carlos being the lead researcher of post exploitation for Tenable Security who bring you the Nesus vulnerability scanner.

    These guys were talking over the Mac and the current malware hitting OS X and all three all agree it is time to run AV on a Mac. They were just laughing how all the Mac fanboys discount using AV even after this new large hit on OS X and the obvious future of coming malware that will be coming to OS X.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.