We had reported yesterday that Apple was working to take down the servers distributing the Flashback malware and that it planned to release a removal tool. Now the removal patch has been released, and you can get it via Software Update.
Apple has posted additional details about the patch in a security document here, and has this to say about the patch:
This Java security update removes the most common variants of the Flashback malware.
This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.
This update is recommended for all Mac users with Java installed.
The Flashback malware had spread to some 500,000 infected systems as of last week, by taking advantage of a security flaw in Java which had been discovered in February. The security of Mac computers at large was obviously in question, so it’s good to see Apple take decisive action, although it would have been nice to see it a bit sooner, as this was a known vulnerability.
The Flashback program installs on an un-patched machine and attempts to harvest web browsing activity, usernames and passwords. It then sends that information to its network of computers across the internet. It is what’s known as a ‘drive-by’ infection because it can install itself on your machine after just a visit to an infected page, without any administrator passwords or installation procedures necessary.
The timing of this update is good, because Kaspersky Lab, which produced a Flashback removal tool of its own, called Flashfake, sent out a notice today that it had suspended distribution of that tool, as it had discovered a bug. “In some cases,” Kaspersky said, “it is possible that the use of the tool could result in erroneous removal of certain user settings including auto-start configurations, user configurations in browsers, and file sharing data.”
Java is no longer installed by default in Lion machines, but everyone should update their Mac with the latest patch via Software Update, as it’s better to be safe than sorry.