Home Business IT Security Flashback forces Apple into the real world

Subscribe now and get the news that matters to your industry.

* Your Email Address:
* First Name:
* Last Name:
Job Function:
Australian State:
Email marketing by Interspire
weebly statistics

For the first timer ever, the Flashback malware has forced Apple to respond before their solution was complete.


Commencing in September last year, iTWire has written extensively about the Flashback malware.

Latest reports suggest that well over 650,000 Macs are afflicted with this disease, perhaps as many as 50,000 of them in Australia.

Information that describes the effect of Flashback and how to remove it may be found here for example; but there are plenty of other similar sites.

The first thing to point out with this vulnerability is that, despite the name, it has nothing to do with Adobe Flash; instead it is a Java issue - Java is an Oracle product, which came from the Sun Microsystems acquisition.  Originally Flashback came as a phoney Flash installer, but that ruse is long gone.

However, as easy as it might be to point at Oracle and say, "it's your product, your problem," one must be reminded that on Mac OSX, Java is provided by Apple, not Oracle.  In 10.6 and earlier it was a core component of the OS and in 10.7 it is an official Apple add-on.

In the past, as Paul Ducklin of Sophos notes, Apple would say nothing about exposed vulnerabilities until they had them fully analysed and a tested solution available.

Not any more.

Advisory HT5244 clearly spells out the issues and states, "Apple is developing software that will detect and remove the Flashback malware."

This seems to be a first.

Apple has already developed a patch for the Java vulnerability, which is available via HT5244, but only for 10.6 and 10.7.  There is no word on when (if ever) 10.5 and earlier versions will be fixed.  This patch is only of use to those Macs not yet affected.

In the interim, Apple recommends that Java be disabled on these earlier versions, which may or may not suit the needs of individual users.  Additionally, Apple is working with ISPs worldwide to discover and neutralise the Command & Control servers in charge of this fleet of affected computers.

Steve Jobs famously refused to enable Flash on the iDevices, stating, "We don't want to reduce the reliability and security of our iPhones, iPods and iPads by adding Flash."  One wonders if Steve's successors may start having similar thoughts about Java on the OSX platform.



Don't let traffic bottlenecks slow your network or business-critical apps to a grinding halt. With SolarWinds Bandwidth Analyzer Pack (BAP) you can gain unified network availability, performance, bandwidth, and traffic monitoring together in a single pane of glass.

With SolarWinds BAP, you'll be able to:

• Detect, diagnose, and resolve network performance issues

• Track response time, availability, and uptime of routers, switches, and other SNMP-enabled devices

• Monitor and analyze network bandwidth performance and traffic patterns.

• Identify bandwidth hogs and see which applications are using the most bandwidth

• Graphically display performance metrics in real time via dynamic interactive maps

Download FREE 30 Day Trial!



Where are your clients backing up to right now?

Is your DR strategy as advanced as the rest of your service portfolio?

What areas of your business could be improved if you outsourced your backups to a trusted source?

Read the industry whitepaper and discover where to turn to for managed backup


David Heath

joomla statistics

David Heath has over 25 years experience in the IT industry, specializing particularly in customer support, security and computer networking. Heath has worked previously as head of IT for The Television Shopping Network, as the network and desktop manager for Armstrong Jones (a major funds management organization) and has consulted into various Australian federal government agencies (including the Department of Immigration and the Australian Bureau of Criminal Intelligence). He has also served on various state, national and international committees for Novell Users International; he was also the organising chairman for the 1994 Novell Users' Conference in Brisbane. Heath is currently employed as an Instructional Designer, building technical training courses for industrial process control systems.