While Macs have been notorious for being impervious to viruses – at least in terms of perception, while they were vulnerable, far more viruses were produced for Windows than OS X – their reputation for impeccable security is certainly being questioned now. Flashback, malware built to grab private information such as passwords entered in by users in applications, has evolved over time into a very dangerous piece of malicious software. In its beginnings, it required user interaction – through a dodgy looking Adobe Flash Installer – to lodge itself into one’s Mac.
However, the latest iterations of the Trojan no longer require user interaction to get within a Mac due to a Java exploit. With 600,000 Macs infected (1% of the Mac user base), Apple had to do something. Yesterday, they released a Java update that they hope will take care of the vulnerability, named Java for OS X 2012-003. On top of fixing the exploit used by the Flashback malware, the update also will disable the automatic execution of Java applets, further diminishing the chance of the malware silently making its way onto your Mac.
While you are technically still able to re-enable automatic execution of Java applets, the update will disable it once again if it detects that, after a period of time, no applets have been run.
Following up this, Apple today released a standalone Flashback malware removal tool outside of the update, which the company recommends that all OS X Lion users without Java should install. This utility removes most of the common variants of the Flashback malware from your machine. While the most dangerous form of this malware does in fact exploit the Java vulnerability, it’s still recommended that users run the tool as other variants may have used social engineering (and a hint of trickery and deceit) to get installed on the machine.
All in all, this entire malware incident has been quite the PR disaster for Apple, leaving a dent in its otherwise solid security reputation. Unfortunately, as Apple computers gain in popularity and use, more and more people may be more inclined to produce viruses and malware for the platform.
Nevertheless, it’s highly recommended that you use Apple’s tools and update your machine to be safe. If you do have Java installed, make sure that you install the update that was released yesterday. And if you don’t have Java installed, don’t think you’re completely impervious. Again, we recommend that you run the standalone Flashback malware removal tool just to be on the safe side.
Download Flashback malware removal tool for Mac
Be sure to check out our Mac OS X Apps Gallery to explore more apps for OS X powered computer.