Apple patches Java hole as Flashback virus infects over 600K computers

Michael Santo's picture

Mac fans have long trumpeted the invulnerability of the OS, but as most analysts would tell you, the platform was "free" of malware not because it was bulletproof, but because its market share was so low that malware writers didn't feel it was worth their time. The times, they are a-changin': a Mac virus known as Flashback is said to have infected 600,000 computers.

Apple issued two releases last week to update Java on OS X to 1.6.0_31. The second of the two patches was aimed only at Mac OS X Lion users, so although the company did not clarify, it's possible that it discovered a bug in its first update that made a new release for Lion necessary.

To be clear, the Mac virus isn't targeting the OS itself. Instead, it exploits a vulnerability in Java. While not directly OS-related, it's no different than malware that targets Windows computers by targeting vulnerabilities in, say, Adobe Reader or even, once again, Java.

The antivirus software that is virtually required on Windows PCs doesn't just protect the OS; it also protects against viruses that infect computers via third-party software. Although some were quick to point out this wasn't an issue with Mac OS X itself, that's not the point: the main point is that virus writers are now taking the time to target Mac computers, and that even "invulnerable-feeling Mac users" need to protect themselves with antivirus software.

Security companies first discovered the Flashback Mac virus last September. Then, it was masquerading as an update for Adobe Flash, but more recently, malware writers modified the code so that Flashback infected users who visited compromised websites, without requiring a password for installation.

This is where, of course, antivirus software could have protected a user faster than an Apple patch (a number of well-known Windows security firms have released Mac antivirus, including BitDefender, Norton, Eset and Kaspersky, among others). That said, the Apple patch fixes the vulnerability. Still, according to security firm Dr. Web, 600,000 users have already been infected. Other security firms have not verified that number.

As security firm Intego (which has its own Mac antivirus software) notes, this fix should be installed ASAP. "In any case, it is essential that all Mac users apply this update. The Flashback malware has been very active in the wild, and can install with no user interaction, if Java is not patched."
