Flashback

Apple softens its language on Virus susceptibility in wake of Flashback trojan

After Apple released a patch for a Java vulnerability that led to the infection of roughly 600,000 Macs with the Flashback Trojan earlier this year, there were claims weeks later from security researchers that hundreds of thousands of Macs were still infected. Kaspersky’s CEO claimed Apple is “now entering the same world as Microsoft has been in for more than 10 years.” Now, as noted by PCWorld, Apple appears to be publicly changing its longstanding stance that “it doesn’t get PC viruses.” The statement on Apple’s “Why you’ll love a Mac” website now reads: “It’s built to be safe” (as you can see in the comparison screenshots above).

Another statement on the website switched from “Safeguard your data. By doing nothing” to “It’s built to be safe.” Following the Flashback incident, Kaspersky claimed in April that Apple is “ten years behind Microsoft in terms of security,” and he “expects to see more and more” malware on Macs.

“Cyber criminals have now recognised that Mac is an interesting area. Now we have more, it’s not just Flashback or Flashfake. Welcome to Microsoft’s world, Mac. It’s full of malware….Apple is now entering the same world as Microsoft has been in for more than 10 years: updates, security patches and so on,” he added. “We now expect to see more and more because cyber criminals learn from success and this was the first successful one…. They will understand very soon that they have the same problems Microsoft had ten or 12 years ago”

Apple releases update to Leopard, includes Flashback removal tool

While Apple has released updates for both Lion and Snow Leopard to remove the Flashback malware that is making the rounds, the company had not released a fix for Leopard until today. Apple released a Flashback Removal Security Update for Leopard this afternoon that weighs 1.23MB. Along with removing the Flashback malware, it also disables the Java plug-in in Safari. Apple described the update:

This update removes the most common variants of the Flashback malware. If the Flashback malware is found, a dialog will notify you that malware was removed. In some cases, the update may need to restart your computer in order to completely remove the Flashback malware…To improve the security of your Mac, this update also disables the Java plug-in in Safari.

Apple also released Security Update 2012-003 for Leopard that “disables versions of Adobe Flash Player that do not include the latest security updates and provides the option to get the current version from Adobe’s website.” A similar update was issued for Lion and Snow Leopard in Safari 5.1.7, which was released with OS X 10.7.4 late last week—hit up Software Update.

This is the first major update Apple has released for Leopard since Lion debuted last July. Unlike Adobe, it looks like Apple is devoted to keeping its old products up-to-date—even if the update is a few weeks behind. For those of you unaware, Adobe recently told users to upgrade from CS5 to CS6 to avoid a security flaw in older versions of software, instead of just patching it. However, Adobe quickly backed down after receiving a ton of backlash from the community and promised an update in the coming weeks. Still sketchy.

More on the Flashback malware


Oracle finally releases first Java Development Kits for Mac OS X

When Apple confirmed in 2010 that it would no longer support Java for OS X, it announced shortly afterward an agreement with Oracle to include OS X support in future versions of its OpenJDK Project to provide a Java SE 7 implementation on Macs. Over a year later, Oracle has now released Java SE 7 Update 4 and JavaFX 2.1 with the first JDK to land with OS X support (via MacRumors):

This release marks Oracle’s first delivery of both the Java Development Kit (JDK) and JavaFX Software Development Kit (SDK) for Mac OS X. 

– Java developers can now download Oracle’s JDK, which includes the JavaFX SDK, for Mac OS X from the Oracle Technology Network (OTN). 

– Oracle plans to release a consumer version of Java SE 7, including the Java Runtime Environment (JRE) for Mac OS X later in 2012.

Following the original announcement in 2010, Apple’s late CEO Steve Jobs explained that his company’s practice of shipping a version of Java behind Oracle would possibly “not be the best way to do it.” Of course, Apple has patched several vulnerabilities in Java in recent weeks that have led to an outbreak of malware on Macs. That vulnerability was patched by Oracle in February, months before OS X users received it.

Kaspersky: Apple is 10 years behind Microsoft on security

The last time security researchers at Kaspersky checked the state of Macs infected in the Flashback malware outbreak, they estimated roughly 140,000 were still infected. At the recent Info Security Europe 2012 conference, CBR quoted CEO and co-founder Eugene Kaspersky as claiming Apple is 10 years behind Microsoft when it comes to security:

“I think they are ten years behind Microsoft in terms of security,” Kaspersky told CBR. “For many years I’ve been saying that from a security point of view there is no big difference between Mac and Windows. It’s always been possible to develop Mac malware, but this one was a bit different. For example it was asking questions about being installed on the system and, using vulnerabilities, it was able to get to the user mode without any alarms…. 

“Cyber criminals have now recognised that Mac is an interesting area. Now we have more, it’s not just Flashback or Flashfake. Welcome to Microsoft’s world, Mac. It’s full of malware….Apple is now entering the same world as Microsoft has been in for more than 10 years: updates, security patches and so on,” he added. “We now expect to see more and more because cyber criminals learn from success and this was the first successful one…. They will understand very soon that they have the same problems Microsoft had ten or 12 years ago”

Kaspersky: 30,000 Mac users left infected with Flashback, more Mac malware on the way

Yesterday, security company Symantec released a statement claiming there were still 140,000 Macs infected from the recent Flashback malware outbreak that originally infected an estimated 600,000 Mac users. That was despite Apple issuing a Java security update to remove the malware. Today, security researchers from Kaspersky said during a press conference (via Ars Technica) that they estimated infections had dropped to 30,000, while still warning that more “mass-malware” on OS X is on the way:

“Market share brings attacker motivation… Expect more drive-by downloads, more Mac OS X mass-malware. Expect cross-platform exploit kits with Mac-specific exploits.”

Kaspersky also clarified that many of the Flashback infections were spread through trusted WordPress websites that had been hijacked, rather than through malicious downloaded files as many assume. Ars explained:

Free app checks for the Flashback trojan infecting 600,000 Macs

Over the past few weeks, security experts have warned Mac users of a new virus making its rounds called the “Flashback” trojan. Flashback is allegedly on over 600,000 Macs, which is roughly 1 percent of the 45 million out there. Flashback exploits a pair of vulnerabilities in older versions of Java. Apple may have patched it, but it is still out there and running on many machines.

How do you know if you are infected? F-Secure has a few Terminal commands to check your machine. For the many who are not adept at keeping their Java updates fresh, Terminal commands are going to be even more foreign. Luckily, Ars Technica points us to a free Flashback checker available on GitHub. The app runs the same checks as you would in Terminal, but automates them for you.

We ran the test ourselves and were clean, but one of our readers found that he had the virus last week. It is definitely worth checking out. If your Mac does have Flashback, F-Secure offers a great guide on how to remove it.


Are 600,000 infected Macs, including hundreds in Cupertino, part of a global botnet?

Ars Technica quotes a Russian antivirus company called “Dr. Web” that claims hundreds of thousands of Macs are infected with the Flashback Trojan detailed earlier this week. The attack takes advantage of an old Java vulnerability that Apple just patched this week.

Variations of the Flashback trojan have reportedly infected more than half a million Macs around the globe, according to Russian antivirus company Dr. Web. The company made an announcement on Wednesday—first in Russian and later in English—about the growing Mac botnet, first claiming 550,000 infected Macs. Later in the day, however, Dr. Web malware analyst Sorokin Ivan posted to Twitter that the count had gone up to 600,000, with 274 bots even checking in from Cupertino, CA, where Apple’s headquarters are located.

Dr. Web said over half of the infected computers were in the United States (including 274 in Cupertino), and 20 percent were in Canada. The malware self-installs after you visit a compromised or malicious webpage. Obviously, it would be a good idea to update any Macs in your control.

If you think one of your machines may be infected, F-Secure has instructions on how to use the Terminal to find out. If these numbers are true, chances are some 9to5Mac readers are infected. Update: A reader comments that he was infected (599,999 more to go):