Apple Acknowledges Flashback Malware With Update

Apple Acknowledges Flashback Malware With Update

Apple has been slammed by online security experts for taking three months to stop the Flashback malware threat to Apple computers and develop software that will detect and remove it from OS machines.

The Flashback Trojan self-installs after users visit popular mainstream websites such as Dlink that have been infected to distribute the program, according to users sourced by The Verge.

Once the malware infects your machine, it monitors your data traffic from your computer, looking for your usernames and passwords and could eventually compromise online banking or credit card details.

670,000 computers were infected worldwide, with more than 98 per cent running Mac OS X, according to Kasperksy Labs.

The malware was not addressed for three months, spreading from February 2012 and mutating on 16 March. An automatic security update was released by Apple on April 3, to patch the Java security hole for OS X v10.7 and Mac OS X v10.6 and shut down the virus.

“The three month delay in sending a security update was a bad decision on Apple’s part,” said Alexander Gostev, Kaspersky Lab’s chief security expert.

"There are a few reasons for this. First, Apple doesn't allow Oracle to patch Java for Mac. They do it themselves, usually several months later. This means the window of exposure for Mac users is much longer than PC users. This is especially bad news since Apple’s standard AV update is a rudimentary affair which only adds new signatures when a threat is deemed large enough," he added.

Apple knew about this Java vulnerability for three months, according to Gostev, yet neglected to push through an update. "The problem is exacerbated because – up to now – Apple has enjoyed a mythical reputation for being ‘malware free’. Too many users are unaware that their computers have been infected, or that there is a real threat to Mac security," he said.

Apple says that for the malware to work, the cyber criminals creating the virus rely on their own computer servers.

Apple says it is working with internet service providers across the globe to disable this server network.

Mac users are advised to protect against possible future Java flaws by deleting it if they do not use it.

To do so, disable individual plug-ins by clicking the disable link under its listing on your computer. In Mozilla Firefox for Mac, click Tools, Add-ons, and disable the Java plugin(s).

Close

What's Hot