According to Zdnet, there are reports that up to 1 percent of all installed Macs in the world were infected by the Flashback Trojan. All Macs that have Java installed are vulnerable to this trojan. While most Macs are running the OS X Snow Leopard and Lion versions, there are older Mac OS X installs which are running the Mac OS X Tiger and Leopard versions. How many Macs run these older flavors of OS X? We’re talking up to 25 percent of all Macs in the world. That is a huge vulnerable installed base! They are vulnerable because they aren’t covered by the security fix posted by Apple recently. Apple has released a fix for the Mac OS X Snow Leopard and Lion versions. Thankfully, owners of Tiger and Leopard versions can use the following quick fix to patch up their Java-based security vulnerability.
Before we share the quick security fix, you can easily figure out if your machine has been infected by the Flashback trojan by using the F-Secure website’s Terminal checking routine. Once you’ve done this, go to your browser and turn off Java. If you are using Safari, go to Security Preference to find this option. If you don’t want just browser-based protection, you can disable Java entirely on your machine. Go to Applications, get in the Utilities Folder. Find the Java Preferences and turn off Java. Keep in mind that the CrashPlan Pro client requires Java. If you turn off Java, you won’t be able to use this application.
While Apple has been working on preventing the damage caused by the exploitation of vulnerable software, these efforts haven’t been perfect so far. While they stop the exploited software to dig deep into the security layers of your machine, things can get cloudy due to the large array of complex applications which use Adobe Flash or Java. While this approach is commendable and does offer some protection, Apple needs to step up its efforts to patch up vulnerable software in a very short period of time. The success of the Flashback trojan might inspire other malware coders to quickly find a wide range of vulnerable applications and launch more attacks in the future.