Never miss an update Follow AppleInsider
Thursday, April 12, 2012, 04:45 pm
Apple Java update removes Flashback malware
Apple on Thursday released a software update to remove Flashback, the most notorious Mac trojan to date, which reportedly affected some 600,000 Macs worldwide.According to Apple, the Java security update removes the "most common variants" of the Flashback malware and offers further protection from future iterations by configuring the web plug-in to disable the automatic execution of Java applets.
From the release notes:
This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.
This update is recommended for all Mac users with Java installed.
The Flashback trojan created a botnet of more than 600,000 Macs around the world and tracked web browsing information, user IDs and passwords. By exploiting a Java security hole, the malicious software was able to install itself automatically on a user's computer after they visited an offending website. Flashback was first discovered last year and evolved into the self-installing version seen today.
The download, which supersedes recent Java patches, is available via Software Update and comes in at 66.8MB.
On Topic: Mac OS X
- Apple seeds OS X 10.8.4 beta build 12E52 to developers
- iMovie update fixes issues with camera recognition, iOS movie imports
- Apple fixes Thunderbolt target disk mode in software update
- First look: Pixelmator 2.2 Blueberry goes live in the Mac App Store
- Apple seeds OS X 10.8.4 beta build 12E47 to developers with no known issues
Previous Comments View All
Quote:
Originally Posted by adamw 
I was initially infected by this Flashback trojan on my Mac, and even the manual removal instructions did not get all of the trojan's files, which still tried to send info out over the Internet, but thanks to the Little Snitch app for finding these rogue infected files. I have installed this Java update with no problems. I hope I never see this trojan again on my Mac!
I was initially infected by this Flashback trojan on my Mac, and even the manual removal instructions did not get all of the trojan's files, which still tried to send info out over the Internet, but thanks to the Little Snitch app for finding these rogue infected files. I have installed this Java update with no problems. I hope I never see this trojan again on my Mac!
Interesting...it was my understanding that, according to F-secure, Flashback wouldn't install itself if you had Little Snitch (or a host of other programs). Am I reading this wrong?
http://www.f-secure.com/v-descs/troj...shback_i.shtml
Regardless, I ran the update and have done the discovery steps of the manual removal progress, and found nothing.
I know everyone wants to blame Java for this vulnerability and they should, however, allowing an application to auto install by visiting a website? Give me a break. That is something that neither the browser nor the OS should allow. Why they let a browser plugin write anything to disk other than a cookie or an html5 db, I do not know.
Quote:
Originally Posted by adamw
I was initially infected by this Flashback trojan on my Mac, and even the manual removal instructions did not get all of the trojan's files, which still tried to send info out over the Internet, but thanks to the Little Snitch app for finding these rogue infected files. I have installed this Java update with no problems. I hope I never see this trojan again on my Mac!
I was initially infected by this Flashback trojan on my Mac, and even the manual removal instructions did not get all of the trojan's files, which still tried to send info out over the Internet, but thanks to the Little Snitch app for finding these rogue infected files. I have installed this Java update with no problems. I hope I never see this trojan again on my Mac!
It will be interesting to see if Apple can find a way to prevent future threats without resorting to using an active or passive virus/trojan scanner. Locking down the execution of applications to signed apps is one step. Not sure how that will apply to Flash or Java applications started from the browser or malicious code somehow run within the browser.
Quote:
Originally Posted by mstone
I know everyone wants to blame Java for this vulnerability and they should, however, allowing an application to auto install by visiting a website? Give me a break. That is something that neither the browser nor the OS should allow. Why they let a browser plugin write anything to disk other than a cookie or an html5 db, I do not know.
I know everyone wants to blame Java for this vulnerability and they should, however, allowing an application to auto install by visiting a website? Give me a break. That is something that neither the browser nor the OS should allow. Why they let a browser plugin write anything to disk other than a cookie or an html5 db, I do not know.
Yeah, there should be multi-layer protection here. Java should restrict apps, the OS should sandbox Java, and Safari should not be executing Java apps/applets without specific user approval.
Quote:
Originally Posted by Cinder6
Interesting...it was my understanding that, according to F-secure, Flashback wouldn't install itself if you had Little Snitch (or a host of other programs). Am I reading this wrong?
Interesting...it was my understanding that, according to F-secure, Flashback wouldn't install itself if you had Little Snitch (or a host of other programs). Am I reading this wrong?
I was infected via the Java vulnerability. I used the manual Flashback trojan removal instructions, was reported as infected, and uninstalled the files F-secure recommended. Re-ran the instructions twice and came up clean. Later, someone recommended I try Little Snitch and I installed, and immediately found 2 infected program files trying to send data out to suspicious web sites. Googled the file names and found other Mac users had these same files with the trojan also, so I manually removed these 2 files. Have run Little Snitch ever since and have had no more trojan activity reported.
Also, Apple's Java update and trojan removal tool that was released today did not report the trojan on my Mac, although several other people saw a trojan detected error message like this upon installing the update from Apple today:
https://www.facebook.com/photo.php?f...type=1&theater
They say to also deactivate Java, does that include clicking off both Java and Java Script from Safari Preferences or just Java?
Quote:
Originally Posted by AppleInsider
Apple on Thursday released a software update to remove Flashback
Apple on Thursday released a software update to remove Flashback
For sure this time!
Quote:
Originally Posted by drblank
They say to also deactivate Java, does that include clicking off both Java and Java Script from Safari Preferences or just Java?
They say to also deactivate Java, does that include clicking off both Java and Java Script from Safari Preferences or just Java?
Despite their name similarity, Java and JavaScript are not related in any way really. JavaScript was named that because of marketing reasons, which to this day confuses most users because it seems absurd that two things with such clearly related names have no relation.
To answer your question, just Java.
I'm skeptical of the whole thing. The original claim was that there were 600,000 infected Macs. Early today (before Apple had released a fix), the claim was that there were 230,000 to 270,000 infected Macs.
So did 60% of the Macs heal themselves? I think it's extremely unlikely that 60% of infected Mac users went through the trouble of fixing the problem manually. Far more likely that the numbers are wrong.
Latest Apple Headlines
-
10M Samsung flagship phones in 28 days a 'record,' 5M iPhone 5 in 3 days 'disappointing'
~6 hours ago -
Song skipping feature in Apple's 'iRadio' reportedly holding up Sony deal
~10 hours ago -
Apple yanks 'Bang with Friends' app from iOS App Store
~11 hours ago -
Revenue from iOS, Android gaming apps now three times greater than portable consoles
~12 hours ago -
Gameloft's Gangstar Rio, N.O.V.A. 3 go free on iOS for a limited time
~14 hours ago - more...
Lowest Prices Anywhere!
| Model | Price | You Save |
|---|---|---|
| Core i5 MacBook Pros w/ Retina | ||
| 13" 2.5GHz/8GB/128GB | $1,406.48 | $292.52 |
| 13" 2.5GHz/8GB/256GB | $1,479.99 | $519.01 |
| 13" 2.5GHz/8GB/512GB | $1,699.99 | $799.01 |
| Core i7 MacBook Pros w/ Retina | ||
| 13" 2.9GHz/8GB/256GB | $1,599.99 | $599.01 |
| 13" 2.9GHz/8GB/512GB | $1,799.99 | $899.01 |
| 15" 2.3GHz/8GB/256GB | $1,899.99 | $299.01 |
| 15" 2.6GHz/8GB/512GB | $2,299.99 | $568.01 |
| 15" 2.7GHz/16GB/768GB | $2,699.99 | $499.01 |
| Model | White | Black | |
|---|---|---|---|
| iPad mini (WiFi only) | |||
| 16GB WiFi |  |
$329.99 | $329.99 |
| 32GB WiFi | |
$429.99 | $429.99 |
| 64GB WiFi | |
$529.99 | $529.99 |
| iPad mini (WiFi + 4G) | |||
 |
 |
 |
|
| 16GB 4G White | $459.99 | $459.99 | $459.99 |
| 32GB 4G White | $559.99 | $559.99 | $559.99 |
| 64GB 4G White | $659.99 | $659.99 | $659.99 |
| 16GB 4G Black | $459.99 | $459.99 | $459.99 |
| 32GB 4G Black | $559.99 | $559.99 | $559.99 |
| 64GB 4G Black | $659.99 | $659.99 | $659.99 |
I was initially infected by this Flashback trojan on my Mac, and even the manual removal instructions did not get all of the trojan's files, which still tried to send info out over the Internet, but thanks to the Little Snitch app for finding these rogue infected files. I have installed this Java update with no problems. I hope I never see this trojan again on my Mac!