AAPL Stock: 519.01 ( + 1.05 )

Printed from

Flashback.K Trojan exploits unfixed Java vulnerability

updated 05:10 pm EDT, Mon April 2, 2012

Recent malware continues to evolve

Yet another new variant of the Flashback Trojan for the Mac has been discovered in the wild, says security firm F-Secure. Called Flashback.K, the new version is said to be dangerous not only because it can infect a Mac without an admin password, but because it relies on a Java vulnerability that has so far gone unfixed in OS X, even though Oracle itself has closed the hole. Apple distributes Mac Java updates on its own timetable.

Previous versions of Flashback have tried to exploit Java, but were easier to defeat because they relied on old vulnerabilities. The malware has in fact evolved multiple times, at one point gaining the ability to circumvent OS X's built-in malware protection.

F-Secure provides an online guide for manually removing the Trojan if necessary. The most recent edition of OS X, Lion, ships without Java by default, but still supports the platform and provides instructions for installing the plugin.

by MacNN Staff





  1. chas_m


    Joined: Dec 1969


    Short version

    of the instructions from F-Secure: turn off Java in Safari preferences. Chances are you're not using it anyway, so it will have no or little effect.

  1. facebook_James

    Via Facebook

    Joined: Apr 2012


    Apple no longer distributes JAVA

    JAVA was handed back by Apple to Oracle, JAVA's owner - for its maintenance and updates.

    Third party products like JAVA and Flash greatly increase vulnerability in Mac OS X by creating holes in the operating system.

    Turning off Java in Safari is smart since it is rarely used in Safari.

  1. jreades

    Joined: Dec 1969


    Re: Apple no longer...

    Errrr, no.

    It might be nice to blame Oracle for this, but if you'd read the article you'd notice that it says that Oracle has patched the problem. Apple builds and distributes its own Java distribution -- this is why it shows up as a Software Update and if you got to then you will be prompted to download it from Apple's web site and not from Oracle.

    chas_m's advice is much more useful than your opinion on who is to blame. BTW, Java is useful for a whole bunch of things -- I spent most of the morning developing in it (on my iMac).

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines


Most Popular

MacNN Sponsor

Recent Reviews

Linksys EA6900 AC Router

As AC networking begins to makes its way into more and more devices you may find yourself considering an upgrade for your home network ...

D-Link DIR-510L 802.11AC travel router

Having Internet access in hotels and other similar locations used to be a miasma of connectivity issues. If Wi-Fi was available, it wa ...

Ooma Office small business VoIP

Voice over IP (VoIP) services have been around for a very long time. Only recently has the implementation become a bit more robust, al ...


Most Commented