Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
62,949
29,641



apple_security_icon-150x168.jpg


Apple published a support document this evening regarding the Flashback malware that affects OS X computers. We previously detailed the software which began life last year as a trojan and has morphed into a drive-by download taking advantage of a vulnerability in Java that Apple did not patch until last week.

The malware is said to have infected over 600,000 Macs worldwide. While 3rd party tools have been developed to test for the infection, Apple reveals they are working on their own tool to detect and remove the software:
Apple is developing software that will detect and remove the Flashback malware.
In addition, Apple has been working with ISPs worldwide to disable the servers that send commands to the malware.

Article Link: Apple Developing Software to Remove Flashback Malware
 

maccompatible

macrumors 6502
Mar 26, 2012
265
3
and they said macs dont get viruses

They don't. This is a Trojan that's downloaded through a java exploit. Viruses are programs that run and do odd things without your permission. Trojans are different. Every computer is susceptible to Trojans, except for walled garden computers like the iPad and a few Linux distros.
 

Rocketman

macrumors 603
Macs don't get malware, Java does. Apple is rapidly developing multi-variate threads to address the installs, servers, inflection points and software vulnerabilities.

If credit cards and SSN number servers can be attacked with more substantial and numerical problems can occur, it's not news a mere 600k of the multi-million installed Macs can have a trojan with sent info that is harder to exploit because it is too diverse and numerous in volume.

Rocketman
 

chrono1081

macrumors G3
Jan 26, 2008
8,398
4,002
Isla Nublar
and they said macs dont get viruses

Who said that? Apple didn't. This is straight from their page:

Is a Mac safe from PC viruses?
Yes. The OS X operating system isn’t susceptible to the thousands of viruses plaguing Windows-based computers. And although no computer connected to the Internet is completely immune to all viruses and spyware, OS X has built-in defenses designed with your safety in mind. The Mac web browser, Safari, alerts you whenever you’re downloading an application — even if it’s disguised as a picture or movie file. And Apple continually makes free security updates available for Mac owners. You can even have them download automatically.

Not to mention this isn't a virus its a trojan, two completely different things.

Better than what Redmond would do.

To be fair Microsoft has Windows Malicious Software Removal tool which *sometimes* does a good job at removing malware.
 

andiwm2003

macrumors 601
Mar 29, 2004
4,380
444
Boston, MA
Is there any realistic chance that the guys who created this malware get caught?

I hope this lowlifes eventually get what they deserve.
 

feeze

macrumors member
Jun 10, 2004
46
0
Bathurst, Australia
Better than what Redmond would do.

What exactly would Redmond have done? My guess is that they would of patched the bug back in February when Oracle released the patch as opposed to Apple's current practice of reactively releasing patches after an outbreak or after a security researcher gets fed up and publicly announces a vulnerability. It's worrying over the years how many instances there has been of researchers submitting a vulnerability to Apple, only to have Apple do nothing, and then when the researcher publicly releases the vulnerability Apple magically has a patch for it within a few days.

We can accuse Microsoft of many things, but not taking security seriously is not one of them. Yes, there was a time were they were hopeless but they got burned too many times and changed their attitude. They're not infallible and neither is their product but their attitude towards security and the security community puts Apple to shame.

Apple dropped the ball on this one. Things like this happen, Apple is not perfect and no one expects them to be. But instead of blindly defending them we, the Mac community and their customers, should be saying to Apple, "This is not acceptable, things have got to change. Waiting till after a serious outbreak to patch a vulnerability that was vendor patched months ago is not acceptable."

Blindly defending Apple and getting into pedantic arguments over definitions, validity of numbers, etc achieves nothing. Demanding better from Apple benefits everybody.
 

ddarko

macrumors 6502
May 7, 2007
290
61
OS-X doesn't get viruses, Java does. :p

You realize Apple makes and distributes Java for the Mac under license from Oracle? If you try to download Java for Mac from Oracle's site directly, you'll find this message:

Apple supplies their own version of Java. Use the Software Update feature (available on the Apple menu) to check that you have the most up-to-date version of Java for your Mac.

The ONLY way to get Java on the Mac is from Apple. Apple may not preinstall Java on Macs anymore but when you want it, you get it from Apple. That's why updates for Java are also pushed out through the built-in OS software update. It's the way it's worked for years.

Oracle publicly released the fix for this security hole on Windows in February. Apple is the ONLY one who could have released the fix for Mac Java because it writes and distributes Mac Java. It waited until after Flashback installed itself on 600,000 Macs to release the fix. Who's at fault here?
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.