Apple believe they have found a fix for the Flashback trojan which is thought to have infected some 600,000 Mac computers across the globe.
Flashback is a botnet that can issue commands to infected machines, harvesting usernames and passwords for nefarious ends. Though Macs in particular have been hit hard by the trojan, the problem lies not directly with vulnerabilities in the Mac OS X software, but with Java.
Apple last week issued a makeshift Java fix for the Flashback problem, and yesterday posted news on their Knowledge Base website that a more comprehensive fix that would detect and remove Flashback is on the way. Apple will also be working with internet service providers to “disable the command and control network” that hijacks the machines.
“A recent version of malicious software called Flashback exploits a security flaw in Java in order to install itself on Macs.
“Apple released a Java update on April 3, 2012 that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6. By default, your Mac automatically checks for software updates every week, but you can change that setting in Software Update preferences. You can also run Software Update at any time to manually check for the latest updates.
“Apple is developing software that will detect and remove the Flashback malware.
“In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network.”