Apple’s Java patch removes Flashback, but not all variants
Earlier this week, Apple promised a way to remove the Flashback trojan and has now delivered, but with a serious caveat — these Lion and Snow Leopard patches remove the most common but not all versions of the malware, which has infected more than 600,000 Macs around the world.
“This Java security update removes the most common variants of the Flashback malware,” states Apple’s Software Update app, which means that an unknown number of users will still be infected even after installing the relevant patch.
Java for OS X Lion 2012-003 (download)
— Java for OS X Lion 2012-002 delivers improved JSE 6 reliability, security and compatibility
— This update fixes a bug that could affect users of the Xcode or Application Loader tools
Additionally, both Java for OS X Lion 2012-003 and Java for Mac OS X 10.6 Update 8 bring some unexpected functionality in that Java will automatically disable itself if no applets have been run for an extended period of time, though Apple doesn’t say how long.
If the user re-enables Java, it will again automatically disable itself after a period of inactivity.
Plans B, C and D
Although OpenDNS won’t remove an existing Flashback infection, the free DNS service claims it can block new infections and prevent existing infections from communicating with command-and-control servers, removing the danger.
That said, the best way to avoid the issue is to not install Java at all, uninstall it or disable Java in Safari until it’s needed.
Personally, I have pursued an all-of-the-above approach, having installed Apple’s latest Java update, checked for Flashback via the command line (null), run ClamXav and implemented OpenDNS.
See Topher Kessler’s excellent “A look at Apple’s Flashback removal tool” for a thorough explanation of how the malware gets removed and what to do should things go awry.