AAPL Stock: 124.25 ( -0.18 )

Printed from

Flashback.K Trojan exploits unfixed Java vulnerability

updated 05:10 pm EDT, Mon April 2, 2012

Recent malware continues to evolve

Yet another new variant of the Flashback Trojan for the Mac has been discovered in the wild, says security firm F-Secure. Called Flashback.K, the new version is said to be dangerous not only because it can infect a Mac without an admin password, but because it relies on a Java vulnerability that has so far gone unfixed in OS X, even though Oracle itself has closed the hole. Apple distributes Mac Java updates on its own timetable.

Previous versions of Flashback have tried to exploit Java, but were easier to defeat because they relied on old vulnerabilities. The malware has in fact evolved multiple times, at one point gaining the ability to circumvent OS X's built-in malware protection.

F-Secure provides an online guide for manually removing the Trojan if necessary. The most recent edition of OS X, Lion, ships without Java by default, but still supports the platform and provides instructions for installing the plugin.

by MacNN Staff





  1. chas_m



    Short version

    of the instructions from F-Secure: turn off Java in Safari preferences. Chances are you're not using it anyway, so it will have no or little effect.

  1. facebook_James

    Via Facebook

    Joined: Apr 2012


    Apple no longer distributes JAVA

    JAVA was handed back by Apple to Oracle, JAVA's owner - for its maintenance and updates.

    Third party products like JAVA and Flash greatly increase vulnerability in Mac OS X by creating holes in the operating system.

    Turning off Java in Safari is smart since it is rarely used in Safari.

  1. jreades

    Joined: Dec 1969


    Re: Apple no longer...

    Errrr, no.

    It might be nice to blame Oracle for this, but if you'd read the article you'd notice that it says that Oracle has patched the problem. Apple builds and distributes its own Java distribution -- this is why it shows up as a Software Update and if you got to then you will be prompted to download it from Apple's web site and not from Oracle.

    chas_m's advice is much more useful than your opinion on who is to blame. BTW, Java is useful for a whole bunch of things -- I spent most of the morning developing in it (on my iMac).

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines


Most Popular


Recent Reviews

Apple 13-inch MacBook Pro (Early 2015)

Although the new darling of the Apple MacBook line up is the all-new MacBook, Apple has given its popular 13-inch MacBook Pro with Ret ...

Griffin Twenty

A few years ago Griffin launched the original Twenty, a small digital amp that used an AirPort Express to turn any set of passive spea ...

Seagate Wireless

It seems like no matter how much internal storage is included today's mobile devices, we, as users, will always find a way to fill th ...


Most Commented