Apple Releases Tool to Remove Flashback Exploit

Several days after security software vendors had released tools to deal with the Flashback malware that infected 600,000 Macs, Apple finally releases its own tool.

Apple has finally released a tool to detect and remove the Flashback malware that at one time infected as many as 600,000 Macs, or more than 1 percent of the Macs in use worldwide.

The tool, released April 12, is part of a security update to Java, and enables Mac users to get rid of the Flashback exploit that was created to steal personal information from Mac users. Initially discovered last year, the exploit at first was a classic Trojan, disguising itself as an update to Adobe Flash.

The latest Flashback variants, which were detected last month, were drive-by malware that infected Macs when the users went to compromised or malicious Websites. The exploit became the largest malware infection of Macs and shook the reputation of Apple devices as essentially invulnerable to malware.

Apple's tool was released two days after the company said it was working on it. According to Apple, the security update "removes the most common variants of the Flashback malware."

"This update also configures the Java Web plug-in to disable the automatic execution of Java applets," Apple said. "Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java Web plug-in detects that no applets have been run for an extended period of time, it will again disable Java applets. Java for OS X Lion 2012-003 delivers Java SE 6 version 1.6.0_31 and supersedes all previous versions of Java for OS X Lion."

The exploited flaw is in Java, owned by Oracle, and not an Apple product. However, Apple caught a lot of heat for not being faster on releasing an update for it. Oracle had patched the flaw in Windows PCs and other systems weeks ago, but Apple didn't release the patch until April 3, around the same time that Russian antivirus firm Dr. Web found that the malware had infected more than 600,000 Macs, more than half of them in the United States.

Researchers at Kaspersky Lab, using a "sinkhole" operation similar to the one used by Dr. Web, soon confirmed Dr. Web's numbers. It appears that the number of infections is falling. Symantec researchers on April 11 said that the number had dropped from 380,000 to 270,000 over a 24-hour period.

Over the past week, a number of security software companies—including F-Secure, Kaspersky and Intego—as well as a software programmer have developed free tools to detect and remove the Flashback malware. However, Kaspersky reportedly said April 12 that it was suspending the distribution of its tool to remove the malware after discovering it was mistakenly removing user settings.

Kaspersky officials said they will release an updated tool once the problems have been fixed.

As Apple devices grow in popularity, industry analysts have said that users should expect more attacks similar to Flashback. Already over the past year, there have been other attacks, including the Tsunami and Revier/Imuler Trojans, and the Mac Defender fake antivirus program.

"This latest wave of infections is a wake-up call to Mac users that their system is not immune to threats," Mike Geide, senior security researcher at Zscaler ThreatLabZ, said in an email after Apple's April 3 patch was released. "And the need to follow best security practices, such as remaining current with patches, is ubiquitous—it doesn't matter if you're using Windows, Mac or even [a] mobile phone."