Apple working on software to detect and remove Flashback trojan
Apple revealed on Tuesday that it is currently developing software to detect and remove the Flashback malware that has infected an estimated 600,000 Macs worldwide.
The Cupertino, Calif., company made mention of the upcoming tool in a document regarding the malicious software, as noted by Jim Dalrymple of The Loop. The document also pointed users to last week's Java update that patched the security flaw that the virus was exploiting.
"In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network," the company said.
Apple also advises Macs running OS X 10.5 or earlier to disable Java in their browser preferences.
The Flashback trojan horse was first discovered last September. The malware posed as a phony Adobe Flash Player installer in order to trick users into installing it. At the time, a security first categorized the threat as "low." The current version of Flashback used the Java vulnerability to create a botnet that could mine personal information from unsuspecting users.
Evidence of Apple's efforts to contact ISPs surfaced earlier on Tuesday when a Russian security firm revealed that the company had targeted one of its servers as being "involved in a malicious scheme." Dr. Web chief executive Boris Sharov said the server was "not doing any harm to users" and was being used to monitor the spread of the virus.
Sharov noted that the relative rarity of Apple security issues meant that Dr. Web hadn't established close ties with the company. "For Microsoft, we have all the security response team's addresses," he said. "We don't know the antivirus group inside Apple."
Last week, a Dr. Web analyst claimed that 600,000 Macs around the world had been infected by the Flashback malware. 56.6 percent of those infections are reportedly located in the U.S.
Comments
[...]
The Flashback trojan horse was first discovered last September. The malware posed as a phony Adobe Flash Player installer in order to trick users into installing it.[...]
There's your problem, there. Nobody should install Flash. Period.
There's your problem, there. Nobody should install Flash. Period.
But it's a Java problem?
Fortunately, Apple already has software that takes care of it.
It's called LION. Neither Flash nor Java come with Lion.
But it's a Java problem…
Fortunately, Apple already has software that takes care of it.
It's called LION. Neither Flash nor Java come with Lion.
That's ridiculous. Why are Java updates distributed through the built-in Mac OS software update mechanism? Java may be third party software and no longer included in the latest Mac OS but it continues to be accorded special status by Apple. How did Apple distribute the Java updates that close this security hole? Not by telling you to go to Oracle to download the update but sending it out through the OS software update.
As long as Apple distributes a version of Java, it must live up to its responsibilities to patch that version promptly with security updates. Patching a known security vulnerability 2 months after Oracle did is unacceptable.
Completely agree. Just as Microsoft is the keeper and bears responsibility for the security of the Windows platform, so Apple bears an equivalent obligation to work with third party software vendors - especially big ones like Oracle, run by Steve Jobs' best friend - to maintain the security of the Mac ecosystem. Its responsibility extends beyond the software it writes. Even John Gruber has now acknowledged that Flashback is an "epidemic" (because its infection rate is as big/bigger than the infection rate of the Windows Conficker trojan) and a genuine problem. Pretending the "solution" to security holes is not to run software is ridiculous. Security holes are inevitable so they have to be patched quickly when found. Hopefully this will be a bitter lesson for Apple to beef up their security practices.
As long as Apple distributes a version of Java, it must live up to its responsibilities to patch that version promptly with security updates. Patching a known security vulnerability 2 months after Oracle did is unacceptable.
Amen!
Apple is doing good stuff now to fix the problem but these fixes are about 2 months too late. Apple owns this one. And to think I finally got my parents to buy a Mac last month...
That's ridiculous. Why are Java updates distributed through the built-in Mac OS software update mechanism? Java may be third party software and no longer included in the latest Mac OS but it continues to be accorded special status by Apple. How did Apple distribute the Java updates that close this security hole? Not by telling you to go to Oracle to download the update but sending it out through the OS software update.
Completely agree. Just as Microsoft is the keeper and bears responsibility for the security of the Windows platform, so Apple bears an equivalent obligation to work with third party software vendors - especially big ones like Oracle, run by Steve Jobs' best friend - to maintain the security of the Mac ecosystem. Its responsibility extends beyond the software it writes. Even John Gruber has now acknowledged that Flashback is an "epidemic" (because its infection rate is as big/bigger than the infection rate of the Windows Conficker trojan) and a genuine problem. Pretending the "solution" to security holes is not to run software is ridiculous. Security holes are inevitable so they have to be patched quickly when found. Hopefully this will be a bitter lesson for Apple to beef up their security practices.
Oracle is currently working on a Mac version of Java 7 for OS X, but the end user version won't be ready until the fall. Currently, only Apple distributes any version of Java for OS X.
Thanks for correcting my mistake. That only strengthens your point that Apple bears responsibility for this massive screwup.
Thanks for correcting my mistake. That only strengthens your point that Apple bears responsibility for this massive screwup.
I really don't see how. Sure, Oracle issued a patch a while ago, but Apple isn't going to just release the update through its servers without testing the update.
Moreover, the extent of the issue has only come to light recently when a third party security expert made its findings public. Apple has always evaluated threats before reacting. Nine out of ten times it is the right approach. Time will tell here.
Although there appears to be a significant number of Macs infected (I know nobody personally), there has been no real damage to users. The malware is merely being used for click link purposes, meaning companies like Google are likely the real victim. Maybe Apple is behind the malware.
But it's a Java problem?
Fortunately, Apple already has software that takes care of it.
It's called LION. Neither Flash nor Java come with Lion.
How many Mac users do you suppose there are who never access a YouTube video (which requires Java to be enabled)? Not many...meaning that Apple better plan on people downloading it even if Apple doesn't distribute it on Lion.
Amen!
Apple is doing good stuff now to fix the problem but these fixes are about 2 months too late. Apple owns this one. And to think I finally got my parents to buy a Mac last month...
1. Your parents' Mac won't have Java on it unless they go and download it, same with Flash
2. This is NOT Apple's software. In truth they have no obligation to do any fixes to Java or anything else. Oracle is to blame for the exploit and they should have fixed it and released the patches for Mac OS and they should be the ones writing the clean up software.
How many Mac users do you suppose there are who never access a YouTube video (which requires Java to be enabled)?
No it doesn't. I know this because I'm on YouTube all the time and I have no Java on my computer. No Flash player either and don't need it thanks to the HTML5 alt player.
How many Mac users do you suppose there are who never access a YouTube video (which requires Java to be enabled)?
You don't though.
How many Mac users do you suppose there are who never access a YouTube video (which requires Java to be enabled)? Not many...meaning that Apple better plan on people downloading it even if Apple doesn't distribute it on Lion.
Are you smoking something or just dizzy from spinning stories? Java has nothing to do with watching a YouTube video. Java is not even installed on my iMac yet YouTube works just fine.
How many Mac users do you suppose there are who never access a YouTube video (which requires Java to be enabled)? Not many...meaning that Apple better plan on people downloading it even if Apple doesn't distribute it on Lion.
I think you mean Flash there. Also, you don't need to use Flash at all if it's using HTML5 video. Flash, PDF and Java are the biggest security issues ever invented.
What would we miss if Java went away?
There's your problem, there. Nobody should install Flash. Period.
Isn't Flash required to use YouTube? There goes 95% of my fun!