Apple issues second anti-malware patch


Apple has now issued its second software update this week to patch the vulnerability in Java software that allowed malware to spread to up to 600,000 Mac computers.

Intego, maker of Mac security software, said the malware, known as Flashback, has “changed greatly from its first incarnation. Initially a fake Adobe Flash installer (hence the name Flashback), it later changed to impersonate a Software Update dialog, before using Java vulnerabilities to install.”

Once installed, the malware can be used by criminals to steal personal information, including passwords.

Intego said that as of Thursday, “all of the servers that were providing the Flashback malware seem to be off-line; this is likely due to the activities of the many security companies that have worked on exposing this malware and the servers it uses. However, the command and control servers are still active, so those Macs that are infected are still vulnerable to data theft and more.”

Besides, the firm said, it is “likely that this malware will be back in another guise in the future. But for now, the most important thing users can do is make sure that they update Java – as well as apply any other security updates that they haven’t installed yet – to be protected in case the Flashback servers come back online.”

Mac users can get Apple’s security fix by clicking on Software Update in the Apple menu. The fix applies to those using Mac OS X 10.6 Snow Leopard and OS X 10.7 Lion.

Apple issued a first fix earlier this week, then updated that fix Thursday. Said Intego:

It is possible that Apple discovered a minor glitch in the first update, necessitating a new release. It seems that this update is only available for Lion, whereas the first update was for both Snow Leopard and Lion.

In any case, it is essential that all Mac users apply this update. The Flashback malware has been very active in the wild, and can install with no user interaction, if Java is not patched.

If you’re not sure whether your Mac is infected, security firm F-Secure has instructions on how to find out if it is and how to remove the malware.

Sophos Security, another maker of Mac security software, suggests users consider disabling Java, or removing it entirely. (Java should not be confused with JavaScript, a commonly used Web programming tool.)

“Most Mac users don’t need Java to work and surf in the year 2012,” the company says, and points users to a video showing how to remove it.

Check out Technolog, Gadgetbox, Digital Life and In-Game on Facebook, and on Twitter, follow Suzanne Choney.


Article source: http://www.technolog.msnbc.msn.com/technology/technolog/half-million-macs-infected-apple-issues-second-anti-malware-patch-674423
