updated 08:45 pm EDT, Tue April 10, 2012
Posts technote with advice on avoidance
The Flashback malware, which has been seen to have affected as much as one percent of the Mac user base (the highest percentage of any threat so far), has finally received an official KnowledgeBase article by Apple that explains how the Trojan works, recommends how to avoid being at risk, and says the company is working on a Flashback detection and removal tool. The brief report also mentions Apple's efforts to disable the Trojan's effectiveness by disabling the servers the malware attempts to contact.
Pointedly, the note does not recommend that users adopt any sort of anti-malware or "anti-virus" software, preferring to recommend that users stick to regular updates from Software Update. Apple already has an anti-malware tool built into Snow Leopard and Lion systems that it routinely (but silently) updates, but that tool is ineffective against this latest attack because it exploits a vulnerability in Java, a program that is not under Apple's control.
Lion and Snow Leopard users are advised to use Software Update to upgrade the installed version of Java (if users are running it) to the latest version, which Oracle updated some weeks ago to address the vulnerability that the new Flashback variant takes advantage of. Lion is installed with no Java implementation by default, though if users attempt to run a Java program either on- or off-line, they will be prompted to install the latest version, which is now patched to exclude the vulnerability.
Users of earlier systems, such as Leopard (OS X 10.5) or Tiger (10.4) are advised to simply disable Java in the browser preferences of their web browser, as users of those systems cannot use the latest version of Java for Mac. Java is much less-used on the web than it has been in years past, and many users may not see any or few differences.