Home » Mac, Software

Apple’s Java patch removes Flashback, but not all variants

13 April 2012 3,053 views 6 Comments

Earlier this week, Apple promised a way to remove the Flashback trojan and has now delivered, but with a serious caveat — these Lion and Snow Leopard patches remove the most common but not all versions of the malware, which has infected more than 600,000 Macs around the world.

“This Java security update removes the most common variants of the Flashback malware,” informs Apple’s Software Update app, which means that an unknown number of users will still be infected even after installing the relevant patch.

Java for OS X Lion 2012-003, download
— Java for OS X Lion 2012-002 delivers improved JSE 6 reliability, security and compatibility
— This update fixes a bug that could affect users of the Xcode or Application Loader tools

Java for Mac OS X 10.6 Update 8, download
— Java for Mac OS X 10.6 Update 7 delivers improved JSE 6 reliability, security and compatibility

See also: Top 10 free ways to secure your Mac

Additionally, both Java for OS X Lion 2012-003 and Java for Mac OS X 10.6 Update 8 bring some unexpected functionality in that Java will automatically disable itself if no applets have been run for an extended period of time, though Apple doesn’t say how long.

If the user re-enables Java, it will again automatically disable itself after a period of inactivity.

Plans B, C and D

You can detect and remove FlashBack via the command line. And, of course, a range of antivirus apps can diagnose and remove the infection — I run ClamXav (free, Mac App Store).

Although OpenDNS won’t remove an existing FlashBack infection, the free DNS service claims it can block new infections and prevent existing infections from communicating with Command & Control servers, obviating danger.

That said, the best way to avoid the issue is to not install Java at all, uninstall it or disable Java in Safari until it’s needed.

Personally, I have pursued an all of the above approach, having installed Apple’s latest Java update, checked for FlashBack via the command line (null), run ClamXav and have implemented OpenDNS.

See Topher Kessler’s excellent A look at Apple’s Flashback removal tool for a thorough explanation of how the malware gets removed and what to do should things go awry.

Leave your response!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.