Critical Update for Mac OS X
Mac Malware Moving Up
- By Helpline
Keeping operating systems, particularly Microsoft Windows, up to date with security patches has always been critical for safe computing, but with the recent rise in Mac-targeted malware, updates for Mac OS X aren't something to be ignored. The recent Flashback trojan specifically targets Mac OS X by exploiting a vulnerability in unpatched Java software installations. Java is used in many online applications, including UVM Registrar's Banner student information system.
Mac OS X was similarly targeted by malware in mid-2011 by the MacDefender fake antivirus trojan. Unlike the MacDefender trojan, which in most cases required human interaction to install itself, the Flashback trojan is able to silently install itself without user interaction or notification.
Protection and Removal
With 600,000 Macs worldwide infected by Flashback, there are currently 200 known infected systems on UVM's network. Apple has released a Java update and Flashback removal tool to combat Flashback infections:
- Mac OS X 10.7 Lion:
- Mac OS X 10.6 Snow Leopard:
- a combined Java update and Flashback remover for OS X 10.6
The Java update and Flashback remover is downloaded automatically by the Mac OS X built-in Software Update feature, which by default runs once per week, but requires users to approve the update's installation by clicking the Install button. To manually initiate Software Update, click the Apple menu in the upper left corner and choose Software Update.
Macs running OS X 10.5 Leopard and earlier are advised to disable Java and run Flashback removal tool software (note that for multi-user Macs, each of these steps must be done for every user account on the Mac). Antivirus software such as the free Sophos Anti-Virus for Mac Home Edition can also be used to remediate and help prevent infections from various types of malware.
For assistance with running Software Update, or if you have questions about Flashback or using removal tools, see the IT Help & Support Web page for available help resources.