Mac Flashback Attack Shows Apple's Security Weaknesses

As the number of infected Macs grew, Apple was criticized for its slow response and poor relations with the security community.

The number of Macs infected with the Flashback malware might be abating, but the damage to Apple's reputation within the security community could take longer to fix.

The company was criticized for being slow to offer the patch to fix the flaws in Java that made the Macs vulnerable, and even slower to offer a tool to detect and remove the Flashback malware once it was learned that the exploit had compromised as many as 600,000 Macs worldwide. In addition, Apple was seen as being uncooperative with experts in the security community, including the small Russian antivirus vendor that first detected the extent of the Flashback infections.

The incident also shook the reputation of Apple products being relatively invulnerable to malware and other malicious code. And security experts warned that, as the popularity of Apple Internet-connected devices—not only Macs, but also iPads, iPhones and iPods—continues to grow, so will interest from scammers.

"This latest wave of infections is a wake-up call to Mac users that their system is not immune to threats," Mike Geide, senior security researcher at Zscaler ThreatLabZ, said in an email after Apple released a patch to fix the flaw in Java April 3. "And the need to follow best security practices, such as remaining current with patches, is ubiquitous—it doesn't matter if you're using Windows, Mac or even [a] mobile phone."

Apple already has seen a rise in the attacks on its systems over the past year, including the Tsunami and Revier/Imuler Trojans and the Mac Defender fake antivirus program.

But it was the large number of Mac infections by the Flashback malware that made it stand out. The 600,000-plus didn't look like much when compared with the millions of Windows PCs that have been hit by malware in the past, but it also came out of a much smaller pool, and represented more than 1 percent of Macs in use worldwide.

"So one in 100 Macs is infected," researchers at Apple security software vendor Intego wrote in an April 7 blog post. "It's clear that we are faced with an unprecedented attack of Mac malware."