Don’t think Apple’s done enough, after two Java-related security patches, to address a much-reported Mac malware vulnerability? The company says it has new safeguarding measures in the offing.
In a support doc titled “About Flashback malware,” Apple admitted Tuesday night that it was working on software to directly detect and remove the malware. That’s in response to word last week that over half a million Macs had been infected by a trojan virus that, once installed, transmits information from a user’s computer to remote servers.
The malware — dubbed “Flashback Trojan,” after a virus that originally surfaced in September 2011 — was first publicized by Russian antivirus company Dr.Web. The malware uses a Java exploit to download an executable file to a user’s hard drive after visiting infected websites, after which the “malicious payload” notifies servers run by the malware’s authors of its install success before sending along more information. In addition to developing the detection/removal tool, Apple says it’s also targeting those servers:
In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network.
Apple issued two Java updates last week to address the exploit, “Java for OS X Lion 2012-001” and “Java for OS X Lion 2012-002.” The first update was listed as supporting both Lion and Snow Leopard, where the second only lists Lion as supported. Various sites have laid out instructions on how to remove the Flashback malware if you’ve been infected: F-Secure’s overview remains the best.
It’s rare to see Apple paying so much public attention to malware, but then it’s rare to see Apple malware receive so much attention in general. U.S. Mac owners will want to pay close attention to Apple’s updates, since Dr.Web — whose findings were later confirmed by Kapersky Lab — reported that over half the total worldwide systems infected live on this side of the pond, followed distantly by Canadian, U.K. and Australian Mac users.
When will Apple’s tool surface? Apple doesn’t give us a timeframe (the company rarely does for anything), but presumably soon, given this particular trojan’s visibility level.