Apple Releases Flashback Malware Removal Tool and Patches

Tuesday, April 17, 2012

Apple has released a malware removal tool for the most common variant of the Flashback Trojan, as well as security updates to mitigate the vulnerability exploited by the malware.

The Flashback Trojan, which is thought to have infected more than 600,000 systems, exploited three Java vulnerabilities to gain remote access to the infected systems and likely included a keylogger capability to capture authentication credentials.

The removal tool will detect and automatically remove the malware from the infected device. According to the Apple bulletin:

"This update runs a malware removal tool that will remove the most common variants of the Flashback malware. If the Flashback malware is found, it presents a dialog notifying the user that malware was removed. In some cases, the user will need to restart in order to completely remove the malware. There is no indication to the user if malware is not found. This update is available for OS X Lion systems that do not have Java installed."

The tool is applicable to "OS X v10.7 or later without Java installed."

Apple also notified users that patches to mitigate the vulnerability exploited by Flashback are available for the following products:

  • OS X Lion v10.7.3
  • OS X Lion Server v10.7.3
  • Mac OS X v10.6.8
  • Mac OS X Server v10.6.8

The Apple security bulletin advises the following for users of OS X Lion v10.7.3 and OS X Lion Server v10.7.3:

"As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications. Further information is available at http://support.apple.com/kb/HT5242."

The Apple security bulletin also advises the following for users of Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3 and OS X Lion Server v10.7.3:

"This update runs a malware removal tool that will remove the most common variants of the Flashback malware. If the Flashback malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is not found. These updates include the security content from Java for OS X 2012-002 and Java for Mac OS X 10.6 Update 7."

Researchers at Kaspersky Labs have also recently discovered another OS X backdoor, dubbed "SabPub", that utilizes a Java exploit and may have been in the wild for about a month.

Apple has yet to release any guidance for mitigating the SabPub Trojan.
