Categories: MacSecurityWorkspace

Apple Issues ‘Cool’ Fix For Flashback

Apple has released yet another update to counter the Flashback Trojan, but has done something rather innovative this time around.

Rather than issuing a fix for any vulnerabilities, Apple has released a new version of Java for Mac OS X 10.7 and 10.6 that erases known variants of Flashback, whilst automatically disabling Java when it has not been in use for the last 35 days. If users want to enable Java again, they will have to go into Preferences and make the necessary alterations.

“This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application,” Apple said in itsd advisory. “If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.”

‘Exciting’ Apples

Apple has been criticised for its response over the Flashback malware, with Trend Micro’s Rik Ferguson saying it was “misguided to believe that the simple act of not talking about publicly disclosed, and worse actively exploited, vulnerabilities will protect your customer.” Yet CTO of Qualys, Wolfgang Kandek, has praised Apple’s latest move.

“This is exciting and to my knowledge nobody has done something like this before. It makes total sense to me. We have been telling users to disable or uninstall Java if they do not need it, but we know very well that only very security conscious users will do so,” Kandek said in a blog post.

“Given the task of monitoring Java use to the computer itself is a great idea and an excellent experiment in computer security. It will be interesting to see how user acceptance of such a measure will work out.”

Some still have reservations over Apple’s move. F-Secure’s chief research officer Mikko Hyponnen tweeted: “Apple’s Flashback fix is 66MB. Ours is 39kB. Just sayin’.”

Flashback bot numbers have been plummeting over the past few days. Symantec reported yesterday that the number of bots had been cut to 270,000 as of 11 April. Infections had peaked at around 650,000. Now Apple has taken this fresh step, and security companies have set up various sinkhole operations to kill off the botnet, this Flashback operation should be killed off soon.

Apple is working with ISPs to dismantle the botnet, but the company’s first steps created something of a snafu. The iPhone maker asked for one of security company Dr Web’s domains to be closed. The domain was being used by Dr Web as part of its sinkhole operation.

Think you know security? Test your knowledge.

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

View Comments

  • Innovation - or desperation - Why not simply disable the whole machine if not used for 35 days!

    This is a cop out by Apple, I can easily go 35 days without running some programs (like iTunes!) but that doesn't mean I want it disabled (although in this example it does!).

    At the very minimum they should let the user choose to disable java and then detect a call to use Java and let the user make a decision.

Recent Posts

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

32 mins ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

16 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

18 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

20 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

20 hours ago