Home Business IT Security Flashback forces Apple into the real world
Get all your tech news delivered to your mail box five days a week
iTWire UPDATE - it's FREE!


For the first timer ever, the Flashback malware has forced Apple to respond before their solution was complete.

 

Commencing in September last year, iTWire has written extensively about the Flashback malware.

Latest reports suggest that well over 650,000 Macs are afflicted with this disease, perhaps as many as 50,000 of them in Australia.

Information that describes the effect of Flashback and how to remove it may be found here for example; but there are plenty of other similar sites.

The first thing to point out with this vulnerability is that, despite the name, it has nothing to do with Adobe Flash; instead it is a Java issue - Java is an Oracle product, which came from the Sun Microsystems acquisition.  Originally Flashback came as a phoney Flash installer, but that ruse is long gone.

However, as easy as it might be to point at Oracle and say, "it's your product, your problem," one must be reminded that on Mac OSX, Java is provided by Apple, not Oracle.  In 10.6 and earlier it was a core component of the OS and in 10.7 it is an official Apple add-on.

In the past, as Paul Ducklin of Sophos notes, Apple would say nothing about exposed vulnerabilities until they had them fully analysed and a tested solution available.

Not any more.

Advisory HT5244 clearly spells out the issues and states, "Apple is developing software that will detect and remove the Flashback malware."

This seems to be a first.

Apple has already developed a patch for the Java vulnerability, which is available via HT5244, but only for 10.6 and 10.7.  There is no word on when (if ever) 10.5 and earlier versions will be fixed.  This patch is only of use to those Macs not yet affected.

In the interim, Apple recommends that Java be disabled on these earlier versions, which may or may not suit the needs of individual users.  Additionally, Apple is working with ISPs worldwide to discover and neutralise the Command & Control servers in charge of this fleet of affected computers.

Steve Jobs famously refused to enable Flash on the iDevices, stating, "We don't want to reduce the reliability and security of our iPhones, iPods and iPads by adding Flash."  One wonders if Steve's successors may start having similar thoughts about Java on the OSX platform.

 

ITWIRE SERIES - REVENUE-CRITICAL APPS UNDERPERFORMING?

Avoid War Room Scenarios and improve handling of critical application problems:

• Track all transactions, end-to-end, all the time and know what your users experience 24/7

• View code level details with context and repair problems quickly

• Fix problems in minutes before they wreak havoc

• Optimize your most important applications, Java, .NET, PHP, C/C++ and many more

Start your free trial today!

CLICK FOR FREE TRIAL!

ITWIRE SERIES - IS YOUR BACKUP STRATEGY COSTING YOU CLIENTS?

Where are your clients backing up to right now?

Is your DR strategy as advanced as the rest of your service portfolio?

What areas of your business could be improved if you outsourced your backups to a trusted source?

Read the industry whitepaper and discover where to turn to for managed backup

FIND OUT MORE!

David Heath

joomla statistics

David Heath has over 25 years experience in the IT industry, specializing particularly in customer support, security and computer networking. Heath has worked previously as head of IT for The Television Shopping Network, as the network and desktop manager for Armstrong Jones (a major funds management organization) and has consulted into various Australian federal government agencies (including the Department of Immigration and the Australian Bureau of Criminal Intelligence). He has also served on various state, national and international committees for Novell Users International; he was also the organising chairman for the 1994 Novell Users' Conference in Brisbane. Heath is currently employed as an Instructional Designer, building technical training courses for industrial process control systems.

Connect