Thursday, April 12, 2012, 01:45 pm PT (04:45 pm ET)
Apple Java update removes Flashback malwareApple on Thursday released a software update to remove Flashback, the most notorious Mac trojan to date, which reportedly affected some 600,000 Macs worldwide.
According to Apple, the Java security update removes the "most common variants" of the Flashback malware and offers further protection from future iterations by configuring the web plug-in to disable the automatic execution of Java applets.
From the release notes:
This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.
This update is recommended for all Mac users with Java installed.
The Flashback trojan created a botnet of more than 600,000 Macs around the world and tracked web browsing information, user IDs and passwords. By exploiting a Java security hole, the malicious software was able to install itself automatically on a user's computer after they visited an offending website. Flashback was first discovered last year and evolved into the self-installing version seen today.
The download, which supersedes recent Java patches, is available via Software Update and comes in at 66.8MB.
On Topic: Mac OS X
- Apple to enable pixel-doubled 'Retina' mode for 4K monitors in OS X 10.9.3
- Apple issues first OS X 10.9.3 beta, asks developers to focus on graphics and audio
- Apple issues OS X Server 3.1 Preview beta with added supervised devices support
- Mac owners report OS X 10.9.2 update breaks AirPlay functionality
- Apple releases OS X 10.9.2 with fix for SSL security flaw, plus new FaceTime Audio