Apple releases Flashback removal tool, infections drop to 270,000

Summary: Apple today released an update to its Java component that removes known versions of the Flashback malware. In a separate study, Symantec reported that it counted only 270,000 infected Macs, down from a high of 600,000 last week.

Apple today officially released the third update to its Java component in the space of a single week. The new Java security update delivers Java SE 6 version 1.6.0_31 and supersedes all previous versions.

In a separate article published earlier today, Symantec reported results from its monitoring network. On April 6, the number of infections was estimated at around 600,000. Symantec says that number dropped to 380,000 on April 10 and to 270,000 on April 11. Those results suggest that community efforts and the wide availability of third-party removal tools had a significant impact.

Apple's update is described in two separate bulletins, one for OS X Lion and a second for Mac OS X 10.6 (Snow Leopard).

It includes functionality designed to detect and remove “most common variants of the Flashback malware.” Another interesting new feature is intended to block copycat attempts that try to exploit vulnerabilities that might be found in this version, although the new feature is available only to users of the latest version of OS X.

The update for OS X Lion configures the Java web plug-in to disable automatic execution of Java applets, a security feature that many Mac experts recommend for all Mac owners.

If a user re-enables this feature—to use a web-based Java applet, for example—the Java web plug-in starts a counter and disables Java again after a specified interval.

A separate mailing from Apple Product Security describes how that feature works:

As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications detects that no applets have been run for an extended period of time it will again disable Java applets.

The new feature does not apply to Mac OS X 10.6 (Snow Leopard).

Although Apple has never officially acknowledged that it has dropped support for Mac OS X 10.5 (Leopard) and earlier versions, a third security bulletin released today makes the point implicitly:

"How to disable the Java web plug-in in Safari" describes the procedure for Mac OS X 10.4 and Mac OS X 10.5, in addition to the two more recent, fully supported versions. The same document includes links to third-party support documents with procedures for disabling the Java plug-in in Chrome and Firefox.

If Apple holds true to its previous support policies, support for Snow Leopard will end this summer with the release of OS X Mountain Lion.

Talkback

73 comments
  • Default setting for Safari should be...

    Safari > Preferences...

    General Tab

    Uncheck "open" safe files after downloading option

    Security Tab

    Uncheck Enable Java

    Should have been this way since Mac OS X was introduced!
    Richard Flude
    • Agreed

      Apple has some high-powered security talent. It's a mystery to me what they're doing, unless they are focused exclusively on ML and iOS.
      Ed Bott
      • Need a change of attitude

        I think Apple just needs a change of attitude about security. You know Ed as well as I do if you keep saying you're safe you will start to believe it. Apple's mind games about how safe OS X is and how bad Windows is goes way back.
        Maybe this will be a wake up call and maybe not. I know as a Mac user and a PC user that security should be on everyone's mind. Don't believe marketing hype which is what Apple is most concerned about.
        jscott418-22447200638980614791982928182376
      • Java has been depreciated since the launch of Lion.

        Java isn't even included in Lion by default -- it is a separate download -- and Apple has depreciated it in earlier versions:

        "As of the release of Java for Mac OS X 10.6 Update 3, the Java runtime ported by Apple and that ships with Mac OS X is deprecated. Developers should not rely on the Apple-supplied Java runtime being present in future versions of Mac OS X."

        While it is fair that Apple should have done better given that the exploit was documented and patched by Oracle previously, but Apple have made abundantly clear that they are not supporting Java to the same level which they previously did, and that it is not a part of their ongoing OS roadmap, and not focusing so much on older technology.

        You're a tech blogger... It isn't a mystery to you what they were doing, you've just once again chosen to ignore the facts which don't fit your argument.

        Again, I'm not saying depreciation is an excuse for Apple, and they should have done better, but you know full well why it isn't priority one anymore. It's because Apple have publicly announced that it isn't a priority any more.

        I'm surprised they haven't severed ties altogether, and just told Oracle, Adobe or the LibreOffice team to develop a Java VM if they want to keep using the technology on Mac OS X.
        loplop
      • It's "deprecated," not "depreciated"

        The word you're looking for is deprecated.

        @loplop

        More than 60% of all Mac owners have a pre-Lion version. Many Lion owners have a need to run Java, and Apple's failure to patch this known vulnerability 45 days after a supported patch was available for all other platforms is a horrible disservice.
        Ed Bott
    • It was with Lion...

      Java had to be manually installed with a clean Lion install. If you didn't need it then you didn't have to install it.
      jgpmolloy
  • What a joke!

    "The update for OS X Lion configures the Java web plug-in to disable automatic execution of Java applets..."

    Why isn't Apple just taking advantage of the "inherent" security of OS X to block this thing?
    ye
    • A good question

      "Why isn't Apple just taking advantage of the 'inherent' security of OS X to block this thing?"

      Why can't Apple just sandbox Java on OS X? Java can be jailed on FreeBSD:

      http://www.apache.org/dev/freebsd-jails.html#java
      "Java - either OpenJDK and/or Oracles Sun JDK have been installed on some of the jails.
      Rabid Howler Monkey
  • Me thinks BS

    I know quite a few Mac owners. Exactly NONE even knew of this malware. There is simply no way it went from 600,000 to 380,000 in 4 days.

    More like the numbers are wrong, someplace. That place is probably where it would make better link whoring to blog posts.
    JeveSobs
    • I have to agree something is wrong with these numbers.

      Pagan jim
      James Quinn
      • @ye, you're doing exactly the same thing you're accusing them of doing

        So knock it off.
        ScorpioBlack
      • Uh Huh

        I know literally hundreds of people who run Windows, and at my job we have more than 1,500 Windows based PC's, and not one of them ever got Conficker....guess that proves Conficker doesn't exist.

        Similarly, I've never met a single person who had cancer or who died from cancer...not a single family member or friend.....guess that proves cancer doesn't it.
        Doctor Demento
      • @Doctor Demento

        The only thing you have been able to prove with those examples is that you are absolutely clueless. You know full well nobody was claiming that it didn't exist. Of course that would be a fact and some people around here are very adverse to facts.
        non-biased
    • Symantec

      They assume this number has dropped and provided a report so folks can buy their products. I must have missed something, but how could they have counted that many computers? I won't discredit them, but if there is a huge malware problem, the US Cert teams should do a better job in reporting this. It's beginning to look like FEMA when Katrina hit.
      smitheo1@...
      • ..

        I would assume the number of people infected is much greater as most people do not run Symantec as it is a horrid protection program so how they would count the other more used products that found and quarantined it is a question to me.
        Fletchguy
    • Therein lies the problem

      that something like this could infect so many machines and it is ok that some people do not know about it. It had to be a significant problem if Apple issued a fix for the problem. If it was not a problem then there would not be this removal tool released. Correct?
      dogarner
      • Actually, no.

        Apple's motivation could simply be to show that they are responsive to security concerns -- regardless of the scope of the actual problem.

        Fwiw, I work on a campus of thousands of Macs, and have contact with businesses with hundreds more. I know of NONE that have been infected by this malware. I'm not saying it's not out there -- obviously, it is. But I do question how the 600,000 machines or "1 of 100" figures were figured. I'd need to see some proof to counter what I'm (not) seeing with my own eyes on a very large sampling of Macs, with a range of OSes from 10.4 through Mountain Lion.
        imalugnut
      • 1000's of Macs on one campus????

        @imalugnut
        Is that place Apple University as that means what 2 macs per student and teacher then macs that just sit in the corner of each room? Then to assume Apple motivation is to show quick response is really reaching since their policy is to deny first and admit later.
        Fletchguy
    • I don't see why not since Apple released a tool to remove it.

      "There is simply no way it went from 600,000 to 380,000 in 4 days."

      Why does this seem so unbelievable to you?
      ye
      • Perhaps

        Because this sort of number reduction is not seen in the dear old "Wild World of Windows" you sad little chap.
        ego.sum.stig