Johannesburg, 13 Apr 2012
Apple has released a Java security update, which it says removes the most common variants of the “Flashback” or “Flashfake” virus.
The announcement comes after Apple was criticised for its slow response to the security flaw in the Java Web platform, which was exploited by the virus. A reported 600 000 Mac users were affected.
Earlier this week, Apple released two other updates that patched the vulnerability, but the latest update is the first to include a removal tool.
According to Apple, the Java for OS X Lion 2012-003 security update configures the Java Web plug-in to disable the automatic execution of Java applets. Apple recommends the update for all Mac users with Java installed.
Apple's update is, however, notably late to the party, and numerous security companies have already released tools to help identify infected computers and remove the malware. Kaspersky released a Web site, www.flashbackcheck.com, to help users determine if they were infected, along with the free utility tool Kaspersky Flashback Removal Tool.
F-Secure also released a fix that was made available as a Zip file on its Web site. Oracle also closed the same vulnerability for all non-Mac platforms a while ago, after the flaw was first identified in February.
The Flashback virus has been dubbed the largest and most sophisticated attack on Macs to date. The virus spread rapidly by downloading itself onto the Macs, giving hackers remote access to the targeted computers - providing them with access to users' personal and banking data.
The early versions of the virus originated in a pop-up window that tricked users into installing a fake version of Adobe Flash. The more sophisticated versions of the virus exploited a security flaw in Java software that then redirected users to a fake site that installed the malware.
Share