Apple offers Flashback removal tool and strengthens iTunes accounts

09:04, 18/04/2012

Apple has released an update for Java on Macintosh computers running Mac OSX 10.6 and 10.7 ("Snow Leopard" and "Lion") which it says gets rid of the Flashback malware that has affected as many as 600,000 Macs worldwide.

Apple has released an update for Java on Macintosh computers running Mac OSX 10.6 and 10.7 ("Snow Leopard" and "Lion") which it says gets rid of the Flashback malware that has affected as many as 600,000 Macs worldwide. The tool is available through the company's built-in Software Update system.

The worst malware infection yet found on Apple systems seems to be subsiding rapidly
The worst malware infection yet found on Apple systems seems to be subsiding rapidly

Separately, the security company Symantec published research on Thursday night as the tool was released which suggests that the number of infected Macs has dropped precipitously since the existence of the infection was publicised.

It says that the number of infections fell from 600,000 on 6 April to 380,000 on 10 April, to around 270,000 on 11 April - suggesting a dramatic cleanup rate among Mac owners. The greatest source of infection remains the US, with almost half of all infections, Canada and the UK, it adds. Symantec has also offered its own removal tool.

The software update, Apple says, "removes the most common variants of the Flashback malware... This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets."

Users of the earlier 10.5 ("Leopard") verson of Mac OSX and its predecessors no longer receive security updates: they are advised to disable Java.

Symantec's analysis suggests that the suspected gang behind Flashback have been readying the latest version - which connects infected machines to command and control (C&C) servers around the net on a rotating basis, using random-looking domain names generated afresh each day - since 26 March.

iTunes account security

Meanwhile, users of iTunes logging into their online accounts to buy items from the store are being confronted with requests to add backup email addresses, and security questions to protect both their devices and accounts.

In the recent past a number of people whose accounts have been compromised - either through the use of weak easily-guessed passwords, or because they have handed them over to phishing attacks - have seen their accounts used to buy expensive apps.

(Source: Guardian)