AAPL Stock: 109.41 ( + 2.67 )

Printed from

Flashback.K Trojan exploits unfixed Java vulnerability

updated 05:10 pm EDT, Mon April 2, 2012

Recent malware continues to evolve

Yet another new variant of the Flashback Trojan for the Mac has been discovered in the wild, says security firm F-Secure. Called Flashback.K, the new version is said to be dangerous not only because it can infect a Mac without an admin password, but because it relies on a Java vulnerability that has so far gone unfixed in OS X, even though Oracle itself has closed the hole. Apple distributes Mac Java updates on its own timetable.

Previous versions of Flashback have tried to exploit Java, but were easier to defeat because they relied on old vulnerabilities. The malware has in fact evolved multiple times, at one point gaining the ability to circumvent OS X's built-in malware protection.

F-Secure provides an online guide for manually removing the Trojan if necessary. The most recent edition of OS X, Lion, ships without Java by default, but still supports the platform and provides instructions for installing the plugin.

by MacNN Staff





  1. chas_m



    Short version

    of the instructions from F-Secure: turn off Java in Safari preferences. Chances are you're not using it anyway, so it will have no or little effect.

  1. facebook_James

    Via Facebook

    Joined: Apr 2012


    Apple no longer distributes JAVA

    JAVA was handed back by Apple to Oracle, JAVA's owner - for its maintenance and updates.

    Third party products like JAVA and Flash greatly increase vulnerability in Mac OS X by creating holes in the operating system.

    Turning off Java in Safari is smart since it is rarely used in Safari.

  1. jreades

    Joined: Dec 1969


    Re: Apple no longer...

    Errrr, no.

    It might be nice to blame Oracle for this, but if you'd read the article you'd notice that it says that Oracle has patched the problem. Apple builds and distributes its own Java distribution -- this is why it shows up as a Software Update and if you got to then you will be prompted to download it from Apple's web site and not from Oracle.

    chas_m's advice is much more useful than your opinion on who is to blame. BTW, Java is useful for a whole bunch of things -- I spent most of the morning developing in it (on my iMac).

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines


Most Popular

MacNN Sponsor

Recent Reviews

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lackin ...

Epson WorkForce DS-40 scanner

In this day and age, there's a significant amount of pressure to go paperless, and downsize the amount of things that one collects ov ...


Most Commented