Apple yesterday released a tool designed to remove Flashback malware.
“This is the third update released by the company this week, as the first two closed the Java vulnerability that Flashback was exploiting to infect users in the first place,” writes PCMag.com’s Fahmida Y. Rashid. “The latest update is essentially the same update closing the vulnerability, but with the removal tool bundled in.”
“Additionally, the new Java update for Mac OS X 10.7 Lion prevents Java applets from being automatically executed by disabling the Java web plugin by default,” The H Security reports.
“If a user re-enables this feature — to use a web-based Java applet, for example — the Java web plug-in starts a counter and disables Java again after a specified interval,” writes ZDNet’s Ed Bott.
“If you’re using Snow Leopard, disabling Java in your browser won’t happen automatically,” notes Sophos’ Paul Ducklin. “It looks as though the Java applet autodisabler is Lion-only.”
“The company had announced earlier in the week that it would deploy software to detect and remove the Flashback malware from users’ computers, which first began appearing on Mac computers back in September,” writes TechCrunch’s Sarah Perez.
“Apple easily bested the time it took last year to come up with a similar tool, one designed to eliminate MacDefender fake security software,” writes Computerworld’s Gregg Keizer. “Apple released the promised anti-MacDefender tool a week after it announced those plans.”
“The Flashback Trojan created a zombie army of remote-controllable 650,000 Apple Macs, or more, by exploiting a Java security vulnerability that Apple only patched last week, six weeks after a patch for Windows machines became available,” writes The Register’s John Leyden.