New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Apple Developing Software to Remove Flashback Malware

Apple published a support document this evening regarding the Flashback malware that affects OS X computers. We previously detailed the software which began life last year as a trojan and has morphed into a drive-by download taking advantage of a vulnerability in Java that Apple did not patch until last week.

The malware is said to have infected over 600,000 Macs worldwide. While 3rd party tools have been developed to test for the infection, Apple reveals they are working on their own tool to detect and remove the software:
Apple is developing software that will detect and remove the Flashback malware.
In addition, Apple has been working with ISPs worldwide to disable the servers that send commands to the malware.



Top Rated Comments

(View all)

93 months ago

Better than what Redmond would do.


What exactly would Redmond have done? My guess is that they would of patched the bug back in February when Oracle released the patch as opposed to Apple's current practice of reactively releasing patches after an outbreak or after a security researcher gets fed up and publicly announces a vulnerability. It's worrying over the years how many instances there has been of researchers submitting a vulnerability to Apple, only to have Apple do nothing, and then when the researcher publicly releases the vulnerability Apple magically has a patch for it within a few days.

We can accuse Microsoft of many things, but not taking security seriously is not one of them. Yes, there was a time were they were hopeless but they got burned too many times and changed their attitude. They're not infallible and neither is their product but their attitude towards security and the security community puts Apple to shame.

Apple dropped the ball on this one. Things like this happen, Apple is not perfect and no one expects them to be. But instead of blindly defending them we, the Mac community and their customers, should be saying to Apple, "This is not acceptable, things have got to change. Waiting till after a serious outbreak to patch a vulnerability that was vendor patched months ago is not acceptable."

Blindly defending Apple and getting into pedantic arguments over definitions, validity of numbers, etc achieves nothing. Demanding better from Apple benefits everybody.
Rating: 28 Votes
93 months ago

and they said macs dont get viruses


They don't. This is a Trojan that's downloaded through a java exploit. Viruses are programs that run and do odd things without your permission. Trojans are different. Every computer is susceptible to Trojans, except for walled garden computers like the iPad and a few Linux distros.
Rating: 25 Votes
93 months ago

OS-X doesn't get viruses, Java does. :p


You realize Apple makes and distributes Java for the Mac under license from Oracle? If you try to download Java for Mac from Oracle's site directly, you'll find this message:

Apple supplies their own version of Java. Use the Software Update feature (available on the Apple menu) to check that you have the most up-to-date version of Java for your Mac.


The ONLY way to get Java on the Mac is from Apple. Apple may not preinstall Java on Macs anymore but when you want it, you get it from Apple. That's why updates for Java are also pushed out through the built-in OS software update. It's the way it's worked for years.

Oracle publicly released the fix for this security hole on Windows in February. Apple is the ONLY one who could have released the fix for Mac Java because it writes and distributes Mac Java. It waited until after Flashback installed itself on 600,000 Macs to release the fix. Who's at fault here?
Rating: 19 Votes
93 months ago

and they said macs dont get viruses


Look up the definition of a virus then look up the definition of a trojan. Enjoy :)
Rating: 15 Votes
93 months ago
I just love how sheep continue to spin this by saying, "It's not a virus, it's a trojan.", "It's not a virus, it's malware.", etc....
BOTTOM LINE: To the everyday user who bought a Mac because "it doesn't get viruses", IT'S AN INFECTION. End of story. Virus, Malware, Trojan, or whatever, the everyday user doesn't care about the technical definitions. To them it just means problems they don't want. So stop trying to get technical about it. That's Apple's job when trying to come out with a patch.
With Apple's popularity, did you really think it wasn't going to get the attention of the mischievous ones. It's only gonna get worse from here. So strap yourselves in and get ready, it's gonna be a bumpy ride.
Rating: 15 Votes
93 months ago

and they said macs dont get viruses


Who said that? Apple didn't. This is straight from their page:

Is a Mac safe from PC viruses?
Yes. The OS X operating system isn’t susceptible to the thousands of viruses plaguing Windows-based computers. And although no computer connected to the Internet is completely immune to all viruses and spyware, OS X has built-in defenses designed with your safety in mind. The Mac web browser, Safari, alerts you whenever you’re downloading an application — even if it’s disguised as a picture or movie file. And Apple continually makes free security updates available for Mac owners. You can even have them download automatically.


Not to mention this isn't a virus its a trojan, two completely different things.

Better than what Redmond would do.


To be fair Microsoft has Windows Malicious Software Removal tool which *sometimes* does a good job at removing malware.
Rating: 12 Votes
93 months ago

You realize Apple makes and distributes Java for the Mac under license from Oracle? If you try to download Java for Mac from Oracle's site directly, you'll find this message:



The ONLY way to get Java on the Mac is from Apple. Apple may not preinstall Java on Macs anymore but when you want it, you get it from Apple. That's why updates for Java are also pushed out through the built-in OS software update. It's the way it's worked for years.

Oracle publicly released the fix for this security hole on Windows in February. Apple is the ONLY one who could have released the fix for Mac Java because it writes and distributes Mac Java. It waited until after Flashback installed itself on 600,000 Macs to release the fix. Who's at fault here?


Too the words right out of my mouth.

As much of a machead as I am... even *I* can't gloss over the fact Apple dropped the ball on this. It's their Java that got corn-holed and only they could fix it. Yet most everyone here still defends this incompetence. :eek: (And somehow Microsoft even gets dragged into it :))

And so much for nothing being able to infect OSX without user permission. Apples Java version allows this to happen by default.
Rating: 11 Votes
93 months ago
Apple should just buy Juan Leon's Flashback Checker for $1 Billion.
Rating: 9 Votes
93 months ago
Macs don't get viruses. Only PCs.
Rating: 7 Votes
93 months ago

Better than what Redmond would do.


Ever heard of Patch Tuesday?
Rating: 7 Votes

[ Read All Comments ]