• Home

AVG CodeWord: Apple Flashback

Malware lessons in Apple’s back yard

Although Apple’s desktop and mobile operating systems have largely suffered from fewer IT security attacks over the years, the increasing popularity of the manufacturer’s products and the cumulative sophistication and diversification of attacks has ultimately given rise to malware targeted towards Mac OS X and iOS based devices.

The outbreak of Flashback malware this year led to what has been estimated to be around infected 650,000 Mac computers worldwide. For those who may have missed the initial announcements, a “sophisticated” Trojan was identified which was capable of hijacking users’ search results and stealing user data before going on to install further malware on the host machine under attack.

In response to the arrival of this malware, Apple issued two Java security updates – one for Mac OS X 10.7 (Lion) and one for 10.6 (Snow Leopard).  Apple announced that the ‘Flashback Removal Security Update’ can be downloaded and installed via any Mac’s Software Update preferences, or from Apple Downloads.

Default Apple settings mean that Software Updates are searched for once a week anyway, but users will need to have accepted and initiated the process to make this happen.

Apple has also issued a support document, to explain that users running older 10.5 (and earlier) versions of its desktop operating systems should, “Better protect yourself from this malware by disabling Java in your web browser(s) preferences.”

At a higher level in the wake of this Trojan and the botnet command-and-control network that it opened a gateway to, Apple has said that it is working with ISPs (Internet Service Providers) to disable the malware at its core.

These exploits were carried out with the intention of attacking Java and its implementation on Apple machines. Overseeing steward of the Java language and platform Oracle has already issued security updates for the software back in February of 2012.

One users have updated their Apple operating system they will be able to run the Flashback malware removal tools which, according to Apple, will remove the “most common variants” of the Flashback malware. “If the Flashback malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is not found,” says the company.

Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.