Apple Protects OS X 10.5 Leopard From Flashback Malware

Apple issued an update that will detect and remove the Flashback exploit, which at one time had infected more than 600,000 Macs worldwide.

Apple has released a tool that will detect and remove the notorious Flashback malware from Macs running the older Mac OS X 10.5 Leopard operating system.

Apple in April had issued a similar tool for the current Mac OS X 10.7 Lion and more recent 10.6 Snow Leopard operating systems, but until May 14 hadn€™t released a similar update for those Mac users who have yet to upgrade their systems to the newer OSes. And some Macs running the Leopard operating system also were impacted by the Flashback malware, which at its height had infected more than 600,000 Macs worldwide, or more than 1 percent of all the Macs in use.

The newest update, a 1.23MB download, €œremoves the most common variants of the Flashback malware,€ Apple said in a note on the company€™s site. €œIf the Flashback malware is found, a dialog will notify you that malware was removed. In some cases, the update may need to restart your computer in order to completely remove the Flashback malware.€

In addition, the update also disables the Java plug-in in the Safari Web browser. Apple also offered steps to re-enable it.

Graham Cluley, senior technology consultant for security software maker Sophos, applauded Apple€™s actions for protecting even those users who have not upgraded their systems and aren€™t running a good antivirus program.

€œIt's encouraging to see Apple has not left users of this older version of the Mac OS X operating system completely out in the cold when it comes to protecting against the latest threats,€ Cluley wrote in a May 14 post on Sophos€™ NakedSecurity blog. €œClearly they realize that it's not good for the Apple Mac's image if older computers connected to the Internet are harboring malware that could cause problems for others in the Mac community.€

He noted that there also are Mac users still running the OS X 10.4 Tiger operating system, and that Apple has given no indication that it plans to offer security updates for those systems. However, Cluley said that Sophos has free software to protect those users as well against the Flashback exploit.

The Flashback malware was the most significant cyber-attack on Apple€™s Mac users, and exposed Apple€™s weaknesses in security. The malware exploited a vulnerability in Java that Oracle had patched in Microsoft Windows PCs and other systems in February. However, Apple didn€™t issue its own patch until early April, by which time the Flashback malware had infected more than 600,000 systems.

Apple was then behind various security software makers€”including Sophos, Intego and Symantec€”in issuing tools to detect and remove the malware.

Security experts have warned that as Internet-connected Apple products€”not only Macs, but also iPads, iPhones and iPod Touches€”grow in popularity, they increasingly will become targets of cyber-criminals. There had been several other attacks on Macs over the past year, though Flashback was the most significant.

Security researchers at Kaspersky Lab believe the Flashback attack started from tens of thousands of WordPress blog sites that had been hacked into and compromised. The Macs were then infected when users clicked on the compromised blogs.

Apple reportedly is asking Kaspersky to analyze security on the Mac OS X platform.