Earlier this week we brought you news that Apple was working on its own tool to detect and remove the recently discovered Flashback malware from the over 600,000 Macs that were infected.
Today, Apple rolled out a new update to Java that should remove “the most common variants” of Flashback. It also prevents Java applets from running automatically, though users have the option of re-enabling this feature manually if they so choose.
You can find more information on Apple’s description of the update here. The update can be downloaded from Software Update on your Mac.
This is actually the third Java update Apple has released since this Flashback variant was discovered early last week. While malware targeted at Macs has historically required direct user interaction to install (usually masquerading as something legitimate to trick the user into giving it access), this Flashback variant is different. It exploits a flaw in Java to install itself on users’ Macs if they so much as visit an infected website. Shortly after it was discovered, Apple released a Java update that patched the Java exploit, followed just a couple days later by a second Java update.
In addition to a walkthrough that allowed users to find and remove the malware using Terminal, several free tools were released earlier this week that allowed users to find and remove it a little more easily. On Tuesday, Apple announced that they were developing their own tool to detect and delete the malware. It was unclear at the time what form that tool would take. Apparently it took the form of a third Java update.
When Flashback malware was first discovered, it was estimated that upwards of 600,000 Macs around the world were infected, most in the U.S. and Canada, with significant numbers in the U.K., Australia, and elsewhere, as well. It is unclear how many device remain infected now that the malware is widely known and tools exist to remove it.
Apple’s Mac operating system has long had a reputation for being virtually immune to the viruses that plague users of Windows-based PCs. As the Flashback malware has proven, however, Macs are hardly immune. Flashback has been the most widespread malware infection to hit Macs yet. Some might be inclined to treat Flashback as a harbinger of some torrent of Mac-targeted malware. While that is certainly an exaggeration, Flashback does serve as a reminder to Mac users that they are not immune to such problems, and should exercise the same kind of vigilance and caution that Windows users (usually) take for granted.
At any rate, if you have Java installed on your Mac, open up Software Update and download the new version as soon as you can.