Apple addresses Flashback malware, working on software fix

Cupertino acknowledges problem for the first time, tells users to disable Java

Apple is working on a fix which will 'detect and remove' the Flashback malware from what is believed to be over 600,000 infected Macs. The comments represent the first time Apple has acknowledged the flaw.

Apple has made its first public comments regarding the so-called Flashback Trojan, which has reportedly infected over 600,000 desktop and laptop Mac computers running OS X.

The Flashback botnet, which entered the public consciousness last week, is capable of collecting usernames and passwords and monitoring the web use of infected machines.

The Trojan, which arose due to a security hole in Oracle's Java software rather than any fault in OS X, can then perform many of the machine's critical functions without the permission of the user.

Now Apple says it is working hard on a software fix, which will detect and remove Flashback from any computer that encounters the Trojan, while also joining forces with internet service providers in order to take down the servers which can command the affected Macs.

In a post on the Support section of the Apple website, the company said: "A recent version of malicious software called Flashback exploits a security flaw in Java in order to install itself on Macs.

"Apple released a Java update on April 3, 2012 that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6. By default, your Mac automatically checks for software updates every week, but you can change that setting in Software Update preferences. You can also run Software Update at any time to manually check for the latest updates.

"Apple is developing software that will detect and remove the Flashback malware.

"In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network.

"For Macs running Mac OS X v10.5 or earlier, you can better protect yourself from this malware by disabling Java in your web browser(s) preferences."

Apple had, so far, been loath to acknowledge the existence of Flashback, but perhaps this response will ease the worries of Mac users concerned that their so-called virus-proof OS X device might actually be under threat.

Via: AllThingsD