Less than a week ago we reported about Flashback, a malware that affects more than half a million Macs worldwide. Though it doesn’t sound dangerous, the trojan is capable of gathering sensitive information on your Mac by exploiting a Java vulnerability. Apple may have released a Java update to keep Flashback from acquiring data but it doesn’t remove the malware. Apple now says they are working on a tool to help detect and remove it.
“Apple is developing software that will detect and remove the Flashback malware,” Apple announced on their website. “In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network.” Reassuring as it may be, the statement only reinforces our greatest fear: the Java update is not enough to keep our Macs and personal information protected from hackers.
A Java update was released on April 3 via Software Update. It fixes the security flaw on Macs running OS X v10.7 and Mac OS X v10.6 and prevents Flashback from getting any more information about you. Just as Apple implied, the update won’t stop the malware from sending acquired information to online servers. The only way to fix that would be to remove Flashback. F-Secure prepared a method that does that but it’s not a simple feat. The process involves inserting statements on the terminal command – something that only advanced Mac users can do. Not all hope is lost though. For everyone else, Apple is preparing a simple tool that will do the job in just a few clips.
Apple gave no word when the tool will be available. For the meantime, Mac owners running Mac OS X v10.6 and OSX v10.7 are encouraged to install the Java update through a Software Update. But if your Mac is running Mac OS X v10.5 and earlier, you can protect yourself from Flashback by disabling Java on your web browser. Apple is yet to address issues concerning a different product, the new iPad. Owners complain of WiFi problems as well as 3G connection, both appearing to be software-related.