Just two days after Apple promised customers that it would decontaminate Mac computers plagued by the Flashback malware, the company has delivered. Apple released its newest Mac OS X Java update yesterday, an update that includes a tool that will, as an Apple advisory states, “remove the most common variants of the Flashback malware.”
Apple only acknowledged the malware, which exploited a vulnerability in Java to infect hundreds of thousands of Mac computers, on Tuesday. On the same day, Apple also vowed to craft a detect-and-delete tool that would clean compromised Macs of the Flashback attack code.
This fix comes much faster than the last time Apple had to make a tool to remove malware. That tool was designed to take out the MacDefender fake security software virus. Apple promised a fix for it, as it was tricking users all across the internet, but didn’t deliver until an entire week later.
This new update also disables automatic execution of Java applets in the Java browser plug-in. The exploit that Flashback uses was hidden inside a malicious Java applet hosted on compromised websites. Flashback was able to infect so many Macs because the Java plug-in automatically ran the offered applet. This move brings Apple one step closer to disabling Java altogether, something that most security experts already suggest users do.
However, you can get around the auto-off default setting if you want to. All you have to do is manually configure Java’s settings, though Apple will still step in to stop you. According to the company, “As a security hardening measure, the Java browser plug-in and Java Web Start are deactivated if they are unused for 35 days.”
Source: Computerworld – Apple delivers Flashback malware hunter-killer