Home Business IT Security Flashback forces Apple into the real world


JUser: :_load: Unable to load user with ID: 3018

Flashback forces Apple into the real world

  • 12 April 2012
  • Written by 
  • Published in Security

For the first timer ever, the Flashback malware has forced Apple to respond before their solution was complete.


Commencing in September last year, iTWire has written extensively about the Flashback malware.

Latest reports suggest that well over 650,000 Macs are afflicted with this disease, perhaps as many as 50,000 of them in Australia.

Information that describes the effect of Flashback and how to remove it may be found here for example; but there are plenty of other similar sites.

The first thing to point out with this vulnerability is that, despite the name, it has nothing to do with Adobe Flash; instead it is a Java issue - Java is an Oracle product, which came from the Sun Microsystems acquisition.  Originally Flashback came as a phoney Flash installer, but that ruse is long gone.

However, as easy as it might be to point at Oracle and say, "it's your product, your problem," one must be reminded that on Mac OSX, Java is provided by Apple, not Oracle.  In 10.6 and earlier it was a core component of the OS and in 10.7 it is an official Apple add-on.

In the past, as Paul Ducklin of Sophos notes, Apple would say nothing about exposed vulnerabilities until they had them fully analysed and a tested solution available.

Not any more.

Advisory HT5244 clearly spells out the issues and states, "Apple is developing software that will detect and remove the Flashback malware."

This seems to be a first.

Apple has already developed a patch for the Java vulnerability, which is available via HT5244, but only for 10.6 and 10.7.  There is no word on when (if ever) 10.5 and earlier versions will be fixed.  This patch is only of use to those Macs not yet affected.

In the interim, Apple recommends that Java be disabled on these earlier versions, which may or may not suit the needs of individual users.  Additionally, Apple is working with ISPs worldwide to discover and neutralise the Command & Control servers in charge of this fleet of affected computers.

Steve Jobs famously refused to enable Flash on the iDevices, stating, "We don't want to reduce the reliability and security of our iPhones, iPods and iPads by adding Flash."  One wonders if Steve's successors may start having similar thoughts about Java on the OSX platform.



Did you know: 1 in 10 mobile services in Australia use an MVNO, as more consumers are turning away from the big 3 providers?

The Australian mobile landscape is changing, and you can take advantage of it.

Any business can grow its brand (and revenue) by adding mobile services to their product range.

From telcos to supermarkets, see who’s found success and learn how they did it in the free report ‘Rise of the MVNOs’.

This free report shows you how to become a successful MVNO:

· Track recent MVNO market trends
· See who’s found success with mobile
· Find out the secret to how they did it
· Learn how to launch your own MVNO service