Apple products have previously been noted as less susceptible to viruses than Windows PC’s. However, last week saw 550,000 Mac machines attacked by a Mac-specific Flashback Trojan through exploiting a Java hole that Apple only patched on Tuesday, a full six weeks after Microsoft plugged it up on Windows machines.
The malware was capable of installing itself on unprotected Mac machines without any user interaction, thus explaining the extent of its successful spread. Users simply became infected by visiting a site loaded with exploit code. The malware establishes a back door on compromised systems for a subsequent download of additional cyber-bugs including a data-stealing Trojan that attempts to take passwords and banking information from Safari as well as a search-hijacking tool. This was likely to have been designed to power click-fraud scams or to redirect users to scareware portals.
In a message posted on Apple’s website’s support section, the company said it had fixed a “Java security flaw for systems running OS X v10.7 and Mac OS X v10.6”. It suggested users of Macs running earlier versions of its system software should disable Java in their web browser preferences.
In addition, Apple said it was working with ISPs to shut down networks of servers hosted by the malware authors, which the code – known as Flashback – relies on “to perform many of its critical functions”.
To find out more, please call us on 0845 504 8989, or complete our contact form.