Apple releases Java update with Flashback removal tool - Update
As expected, Apple has released an updated version of the Java implementation for its Mac OS X operating system that includes a removal tool for the Flashback trojan. According to the company, the update, labelled "Java for OS X 2012-003", finds and removes the "most common variants" of the malware, which had infected approximately 600,000 systems by exploiting flaws in the previous version of Java.
Additionally, the new Java update for Mac OS X 10.7 Lion prevents Java applets from being automatically executed by disabling the Java web plugin by default. Users can re-enable the automatic execution of Java applets via the Java Preferences application (Applications ➤ Utilities ➤ Java Preferences). However, if the plugin detects that Java applets have not been run for "an extended period of time", it will automatically disable applet support again.
The company has also released another Java update (Java for Mac OS X 10.6 Update 8) for systems running Mac OS X 10.6 Snow Leopard, which removes the Flashback trojan. However, unlike the update for 10.7 Lion, it does not disable Java applets by default. Apple recommends that users who do not use Java applets manually disable the Java web plugin in their browser; instructions for disabling the Java plugin in Safari are provided.
Java for OS X Lion 2012-003 and Java for Mac OS X 10.6 Update 8 are available to download from Apple's Support Downloads site. Alternatively, users who previously installed Java on their systems can upgrade using the built-in Software Update function. All users are advised to install the updates.
Update 16-04-12: Apple has now released a standalone version of the Flashback removal tool for 10.7 Lion users without Java installed.
- Flashback trojan exploits unpatched Java vulnerability, a report from The H.
- Critical Java hole being exploited on a large scale, a report from The H.
- Flashback malware uses new infection technique, a report from The H.