Apple Hits Flashback Trojan With Second Java Update
By Jared Newman
Apple has issued a second security update aimed at Flashback, the Mac malware that has reportedly infected 600,000 computers since last year.
As Intego notes, the Java for OS X 2012-002 update appears to be same as the one Apple issued earlier this week, but the latest update is aimed only at Max OS X Lion users. It’s possible, Intego says, that Apple found a glitch in the first update that would make a new release necessary.
The update “delivers improved compatibility, security and reliability by updating Java SE 6 to Java 1.6.0_31,” Apple’s update prompt says.
Security companies first discovered the Flashback trojan last September. At the time, the malware masqueraded as an update for Adobe Flash, but as of April, Flashback was infecting users who visited compromised Websites, without requiring a password for installation. Apple patched the vulnerability this week, but not before 600,000 users were infected according to antivirus vendor Dr. Web. (Other firms have said they can’t confirm the number of infections.)
Intego recommends installing the latest update right away. “The Flashback malware has been very active in the wild, and can install with no user interaction, if Java is not patched,” the company says in a blog post.