Apple has released two specific Java updates to stop the Flashback Mac malware and announced it is working on a software tool to remove existing infections but the company continues to be attacked by security experts for its complacency.
The first versions of this type of threat were detected in September 2011. The infected computers have been combined in a botnet, which enables cybercriminals to install additional malicious modules on them at will.
Anti-virus giant Kaspersky Lab, which makes both Windows and Mac security software, today criticised the speed of Apple’s response to the three-month-old Flashback security breach.
“The three-month delay in sending a security update was a bad decision on Apple’s part,” said Alexander Gostev, Kaspersky’s chief security expert.
The breach in Java attacked by Flashback was quickly patched in Windows by Java creator Oracle.
However, Apple continues to control the distribution of Mac OS X software updates for OS X, and didn’t act so quickly.
“Apple doesn't allow Oracle to patch Java for Mac. They do it themselves, usually several months later,” said Mr Gostev.
“This means the window of exposure for Mac users is much longer than PC users. This is especially bad news since Apple’s standard anti-virus update is a rudimentary affair which only adds new signatures when a threat is deemed large enough.”
“Apple knew about this Java vulnerability for three months, and yet neglected to push through an update in all that time!”
As we reported yesterday, on order to make it easier for average users to check whether their computers are infected, Kaspersky Lab launched a website on Monday where people can input their systems' unique hardware identifiers (UUIDs) to see if they are among the almost 700,000 Macs known to be infected with Flashback so far.
Kaspersky also released a stand-alone removal tool for the Flashback malware, which Mac owners can download and use for free. However, it's probably a good idea to install a full-featured antivirus program after running this tool in order to prevent future infections.