For all of you Mac users out there, including my daughter, it is time to drop the haughty attitude regarding Mac’s supposed superiority because of its perceived immunity to malware attacks. As has been widely reported, all of that has changed. It turns out that a recent version of malware going by the name of Flashback exploits a flaw in Java in order to install itself on your Mac. Users beware and estimates are there are over 600,000 of you.
Straight from the orchard
If you are a Mac user you might wish to click this link and bookmark it. It is also advised to bookmark this link to Kaspersky Lab (News - Alert) which enables Mac users to see if they have been infected. And, it would be advised to read the fine detailed report on this done by the CBS’s Phildelphia TV station Channel 3. In a nut shell here is what Flashback is, does and how to get rid of it.
· Flashback is malware that exploits a flaw in Java to keep a door open to your computer. It is obtained by visiting malicious websites.
· As various article note, so far it is relatively benign in that it is not known to do key-stroke capture but it does send you browsing history to the bad guys server.
· Oracle has a patch for this that has not been ported by Apple (News - Alert) for use with its OS, but Apple as its site says is “developing software that will detect and remove” it.
What to do today
Fox News has a great list of things you can do today to protect your Mac. It is too comprehensive to produce here, and some of the steps suggested are not as easy as apple pie. Please take to heart the admonition in the article that the anti-virus software that Apple bundle into OS X 10.7 Lion is not the answer, and that the next version of the software is not much better. I did like their little jibe, “Take a deep breath and say to yourself, ‘Steve Jobs (News - Alert) is dead and my Mac is not immune to malware.’ Then install a solid anti-virus product. Today, right now, ASAP.”
The article also recommends that you disable your Java run-time engine if you are not using it which will of course kill your ability to use programs that run it. And, they advise that it is time to ditch your trusted PowerPC Mac because Apple no longer provides security patches for its older workhorse.
Better late than never
There is one final thing that various folks with expertise on the matter have been kind enough to highlight. Not only has Oracle (News - Alert) had a patch for some time, but the Java flaw Flashback exploits was patched two months ago for Windows and Linux.
It is a sad state of affairs that we live in a risky world where no company’s products are immune. Obviously the lesson learned here is there is no alternative to having the best protection possible. It is unfortunately that rotten to the Apple core now has taken on a new meaning.