Apple releases Flashback removal tool, infections drop to 270,000

Apple today officially released the third update to its Java component in the space of a single week. The new Java security update delivers Java SE 6 version 1.6.0_31 and supersedes all previous versions.

In a separate article published earlier today, Symantec published results from its monitoring network. On April 6, the number of infections was estimated at around 600,000. Symantec says that number dropped to 380,000 on April 10 and to 270,000 on April 11. Those results suggest that community efforts and the wide availability of third-party removal tools had a significant impact.

Apple's update is described in two separate bulletins, one for OS X Lion and a second for Mac OS X 10.6 (Snow Leopard).

It includes functionality designed to detect and remove “most common variants of the Flashback malware.” Another interesting new feature is intended to block copycat attempts that try to exploit vulnerabilities that might be found in this version, although the new feature is available only to users of the latest version of OS X.

The update for OS X Lion configures the Java web plug-in to disable automatic execution of Java applets, a security feature that many Mac experts recommend for all Mac owners.

If a user re-enables this feature—to use a web-based Java applet, for example—the Java web plug-in starts a counter and disables Java again after a specified interval.

A separate mailing from Apple Product Security describes how that feature works:

As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications detects that no applets have been run for an extended period of time it will again disable Java applets.

The new feature does not apply to Mac OS X 10.6 (Snow Leopard).

Although Apple has never officially acknowledged that it has dropped support for Mac OS X 10.5 (Leopard) and earlier versions, a third security bulletin released today makes the point implicitly:

How to disable the Java web plug-in in Safari describes the procedure for Mac OS X 10.4 and Mac OS X 10.5, in addition to the two more recent, fully supported versions. The same document includes links to third-party support documents with procedures for disabling the Java plug-in in Chrome and Firefox.

If Apple holds true to its previous support policies, support for Snow Leopard will end this summer with the release of OS X Mountain Lion.

Related:

• New Mac malware epidemic exploits weaknesses in Apple ecosystem
• Apple’s security code of silence: a big problem
• Over 600,000 Macs infected with Flashback Trojan
• Second source confirms: 1 in 100 Macs are infected by Flashback
• How big a security risk is Java? Can you really quit using it?
• Apple too slow to act on Flashback malware
• Researcher: 50 percent of Mac OS X users still running outdated Java versions