Home Business IT Security Flashback forces Apple into the real world

For the first timer ever, the Flashback malware has forced Apple to respond before their solution was complete.


Commencing in September last year, iTWire has written extensively about the Flashback malware.

Latest reports suggest that well over 650,000 Macs are afflicted with this disease, perhaps as many as 50,000 of them in Australia.

Information that describes the effect of Flashback and how to remove it may be found here for example; but there are plenty of other similar sites.

The first thing to point out with this vulnerability is that, despite the name, it has nothing to do with Adobe Flash; instead it is a Java issue - Java is an Oracle product, which came from the Sun Microsystems acquisition.  Originally Flashback came as a phoney Flash installer, but that ruse is long gone.

However, as easy as it might be to point at Oracle and say, "it's your product, your problem," one must be reminded that on Mac OSX, Java is provided by Apple, not Oracle.  In 10.6 and earlier it was a core component of the OS and in 10.7 it is an official Apple add-on.

In the past, as Paul Ducklin of Sophos notes, Apple would say nothing about exposed vulnerabilities until they had them fully analysed and a tested solution available.

Not any more.

Advisory HT5244 clearly spells out the issues and states, "Apple is developing software that will detect and remove the Flashback malware."

This seems to be a first.

Apple has already developed a patch for the Java vulnerability, which is available via HT5244, but only for 10.6 and 10.7.  There is no word on when (if ever) 10.5 and earlier versions will be fixed.  This patch is only of use to those Macs not yet affected.

In the interim, Apple recommends that Java be disabled on these earlier versions, which may or may not suit the needs of individual users.  Additionally, Apple is working with ISPs worldwide to discover and neutralise the Command & Control servers in charge of this fleet of affected computers.

Steve Jobs famously refused to enable Flash on the iDevices, stating, "We don't want to reduce the reliability and security of our iPhones, iPods and iPads by adding Flash."  One wonders if Steve's successors may start having similar thoughts about Java on the OSX platform.



Does your remote support strategy keep you and your CEO awake at night?

Today’s remote support solutions offer much more than just remote control for PCs. Their functional footprint is expanding to include support for more devices and richer analytics for trend analysis and supervisor dashboards.

It is imperative that service executives acquaint themselves with the new features and capabilities being introduced by leading remote support platforms and find ways to leverage the capabilities beyond technical support.

Field services, education services, professional services, and managed services are all increasing adoption of these tools to boost productivity and avoid on-site visits.

Which product is easiest to deploy, has the best maintenance mode capabilities, the best mobile access and custom reporting, dynamic thresholds setting, and enhanced discovery capabilities?

To find out all you need to know about using remote support to improve your bottom line, download this FREE Whitepaper.


David Heath

joomla statistics

David Heath has over 25 years experience in the IT industry, specializing particularly in customer support, security and computer networking. Heath has worked previously as head of IT for The Television Shopping Network, as the network and desktop manager for Armstrong Jones (a major funds management organization) and has consulted into various Australian federal government agencies (including the Department of Immigration and the Australian Bureau of Criminal Intelligence). He has also served on various state, national and international committees for Novell Users International; he was also the organising chairman for the 1994 Novell Users' Conference in Brisbane. Heath is currently employed as an Instructional Designer, building technical training courses for industrial process control systems.