Update Java to avoid (and remove) the OSX Flashback Malware


April 13, 2012 By Tim O'Brien

This is something of a public service announcement because we know from our site analytics that 14.29% of you are running OSX. If you run OSX 10.6 or higher and Java, take a quick break and upgrade.

In case you missed it, there is a vulnerability in Apple’s version of Java that is fueling the rise of what people are calling the Flashback botnet. According to this Computerworld article, this OSX Flashback botnet is at least 600,000 computers strong and the latest variants of the attack “do not require user intervention”. The advice to fix this Mac vulnerability? Last week a Register article stated that “F-Secure advises users to disable Java, which is not needed to visit the vast majority of Web sites, on their Mac.” Right… disable Java. Something tells me that’s not effective advice for this developer audience.

If you want to protect yourself, follow Apple’s instructions and upgrade Java. If you are running OSX Leopard or earlier, you are out of luck and you should probably either disable Java or upgrade (really, isn’t it time for an upgrade anyway?). This upgrade from Apple will also remove installed malware if you’ve been compromised.

Conclusion: Java developers, all of your OSX machines are belong to Flashback. Upgrade now.

Note: This post references our Security Feed. We maintain a feed of security stories relevant to developers which is isolated from our main blog feed. If you are interested in getting the full feed, read it here.