Home Business IT Security Flashback forces Apple into the real world

For the first timer ever, the Flashback malware has forced Apple to respond before their solution was complete.


Commencing in September last year, iTWire has written extensively about the Flashback malware.

Latest reports suggest that well over 650,000 Macs are afflicted with this disease, perhaps as many as 50,000 of them in Australia.

Information that describes the effect of Flashback and how to remove it may be found here for example; but there are plenty of other similar sites.

The first thing to point out with this vulnerability is that, despite the name, it has nothing to do with Adobe Flash; instead it is a Java issue - Java is an Oracle product, which came from the Sun Microsystems acquisition.  Originally Flashback came as a phoney Flash installer, but that ruse is long gone.

However, as easy as it might be to point at Oracle and say, "it's your product, your problem," one must be reminded that on Mac OSX, Java is provided by Apple, not Oracle.  In 10.6 and earlier it was a core component of the OS and in 10.7 it is an official Apple add-on.

In the past, as Paul Ducklin of Sophos notes, Apple would say nothing about exposed vulnerabilities until they had them fully analysed and a tested solution available.

Not any more.

Advisory HT5244 clearly spells out the issues and states, "Apple is developing software that will detect and remove the Flashback malware."

This seems to be a first.

Apple has already developed a patch for the Java vulnerability, which is available via HT5244, but only for 10.6 and 10.7.  There is no word on when (if ever) 10.5 and earlier versions will be fixed.  This patch is only of use to those Macs not yet affected.

In the interim, Apple recommends that Java be disabled on these earlier versions, which may or may not suit the needs of individual users.  Additionally, Apple is working with ISPs worldwide to discover and neutralise the Command & Control servers in charge of this fleet of affected computers.

Steve Jobs famously refused to enable Flash on the iDevices, stating, "We don't want to reduce the reliability and security of our iPhones, iPods and iPads by adding Flash."  One wonders if Steve's successors may start having similar thoughts about Java on the OSX platform.



Download an in-depth guide to managing a healthy, motivated and energetic workforce without breaking the bank.


David Heath

joomla statistics

David Heath has over 25 years experience in the IT industry, specializing particularly in customer support, security and computer networking. Heath has worked previously as head of IT for The Television Shopping Network, as the network and desktop manager for Armstrong Jones (a major funds management organization) and has consulted into various Australian federal government agencies (including the Department of Immigration and the Australian Bureau of Criminal Intelligence). He has also served on various state, national and international committees for Novell Users International; he was also the organising chairman for the 1994 Novell Users' Conference in Brisbane. Heath is currently employed as an Instructional Designer, building technical training courses for industrial process control systems.






Join the iTWire Community and be part of the latest news, invites to exclusive events, whitepapers and educational materials and oppertunities.
Why do I want to receive this daily update?
  • The latest features from iTWire
  • Free whitepaper downloads
  • Industry opportunities