Following the recent uproar over the epidemic of infected Macs, Apple has now released the third Java update in a week for Mac OS X. This update contains, as promised, the tool to remove the Flashback malware from infected systems. The new update does not address any new vulnerabilities the first two updates did not already patch, but it does deal with the damage and proactively reduces the security risk for Mac users.

The newest Mac OS X Java update, released on Thursday, April 12, includes a tool that will "remove the most common variants of the Flashback malware," according to Apple's advisory.

Apple acknowledged the Flashback malware for the first time on Tuesday, April 10. The Flashback malware campaign is shaping up to be the biggest infection yet to target the Mac platform, having infected more than half a million Macs by exploiting a Java vulnerability. Apple promised to provide a detection and removal tool to rid compromised Macs of the malware, and two days later it delivered.

Last year, Apple faced issues with the MacDefender fake security software and had to come up with a similar tool to eliminate it. Just like now, it promised to release a tool to fix the issue, but it took a week until Apple released the anti-MacDefender tool. One year seems to allow for plenty of improvements, as now it only took two days for Apple to come up with the promised update.

No More Automatic Execution of Java Applets

The exploit Flashback used to infect Macs was delivered by a malicious Java applet hosted on compromised Web sites. The Java plug-in automatically ran the offered applet, which is one of the reasons the malware was able to infect such a large number of Macs. To avoid such exploits in the future, Thursday's update also disables automatic execution of Java applets in the Java browser plug-in. In addition, it will disable Java again if it goes unused for 35 days.

"This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application," reads Apple's advisory. "If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets."

The latest Java update is available for download for Snow Leopard or Lion, and Mac OS X users will be automatically alerted by Software Update if they have Java installed. Users running OS X 10.5, a.k.a. Leopard, or earlier, must manually disable or remove Java from their Macs, because Apple no longer supports these editions.

(reported by Alexandra Burlacu, edited by Surojit Chatterjee)
