Apple Delivers Flashback Malware Hunter-killer

Today's Best Tech Deals

Picked by PCWorld's Editors

Top Deals On Great Products

Picked by Techconnect's Editors

Two days after Apple promised to decontaminate Macs infested with the Flashback malware, on Thursday the company delivered.

Yesterday's newest Mac OS X Java update includes a tool that will "remove the most common variants of the Flashback malware," Apple's advisory read.

On Tuesday, Apple for the first time acknowledged the Flashback malware campaign that exploited a Java vulnerability to infect hundreds of thousands of Macs. At the same time, Apple pledged to craft a detect-and-delete tool that would scrub compromised machines of the attack code.

Apple easily bested the time it took last year to come up with a similar tool, one designed to eliminate MacDefender fake security software. Apple released the promised anti-MacDefender tool a week after it announced those plans.

Thursday's update also disables automatic execution of Java applets in the Java browser plug-in; the exploit used by Flashback to infect Macs was hidden inside a malicious Java applet hosted on compromised websites.

One of the reasons Flashback was able to infect so many Macs was because the Java plug-in automatically ran the offered applet. Apple's move is a step toward disabling Java, the advice most security experts have suggested to users.

Users can circumvent Java's new off-by-default setting by configuring Java's preferences. But even then, Apple will intercede.

"As a security hardening measure, the Java browser plug-in and Java Web Start are deactivated if they are unused for 35 days," Apple said.

Java Web Start is an Oracle technology that lets users single-click launch a Java app from within a browser without first downloading it to the machine.

Java has an increasingly tenuous link to Mac OS X: Last July, Apple dropped Java from OS X 10.7, aka Lion, although it continues to issue Java patches for both Lion and Snow Leopard, or OS X 10.6.

In related news, Kaspersky Lab, one of the antivirus companies actively analyzing Flashback, pulled its free malware removal tool after reports that the utility was wiping some user settings.

Kaspersky launched the Flashback Removal Tool on Monday.

Also on Thursday, Symantec issued its own free detect-delete tool, posting a download link on a page touting its Mac-specific antivirus program, Norton Antivirus 12 for Mac.

Apple's latest Java update can be download from Apple's website for Snow Leopard or Lion: They weigh in at 80MB and 67MB, respectively. Mac OS X users with Java installed will be automatically alerted by Software Update.

Users running Leopard (OS X 10.5) or earlier must manually disable or remove Java from their Macs, as Apple no longer supports those older editions. That user pool is large: About one-in-six Macs are powered by an unsupported version of OS X.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is

See more by Gregg Keizer on

Read more about malware and vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.

This story, "Apple Delivers Flashback Malware Hunter-killer" was originally published by Computerworld.

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
Shop Tech Products at Amazon