Flashback Fallout

If you’re a Mac user, don’t freak out: yes, it’s true that nearly 600,000 Mac computers have been infected by the Flashback trojan. But the world is not ending. Yet.

Flashback's original fake "Flash" installer. Source: f-secure.com

Lots of news and hype are being generated about a recently discovered, Mac-focused trojan downloader called Flashback. This is a serious setback to OS X security, and you should be respectfully aware of it, but it’s not that difficult to detect or to fix.

The exploit was originally hidden within a fake Adobe Flash installer, but has since evolved so that simply visiting one of a few specific web sites designed to spread the infection could impact your Mac system.

The F-Secure web site has a great write-up on the details of this Java exploit, and Apple has issued a Java update to address the vulnerability (two updates, if you’re a Lion user: a second one followed a few days afterward to fix a problem with the first). Run a System Update to ensure you have the latest version of Java available from Apple.

To check whether your Mac is infected, open a Terminal and enter these three commands, in any order:

defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
defaults read /Applications/Safari.app/Contents/Info LSEnvironment 
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If any of these three commands produces output that does not end with “does not exist”, you likely have a problem and should turn your attention toward fixing it immediately. Again, I defer to the experts at the F-Secure site for instructions, which are just a few Terminal commands.
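The three checks above can be wrapped in one small shell script; this is an added example, not code from the original post or from F-Secure. The function names, the clean/suspect labels and the script name are assumptions of the example, and the only test applied is the one stated above (output ending in "does not exist").

```sh
#!/bin/sh
# Added example: automates the article's three `defaults read` checks.
# Function names and the clean/suspect labels are this example's own.

# Print "clean" if TEXT ends with "does not exist" (the article's
# criterion), otherwise "suspect". Empty output also counts as suspect.
classify_defaults_output() {
    # Trim trailing blanks; $(...) already drops trailing newlines.
    trimmed=$(printf '%s' "$1" | sed -e '$s/[[:space:]]*$//')
    case "$trimmed" in
        *"does not exist") echo clean ;;
        *) echo suspect ;;
    esac
}

# Run the three checks; return 0 if all clean, 1 if any is suspect,
# 2 if the `defaults` tool is missing (i.e. not running on OS X).
run_flashback_checks() {
    command -v defaults >/dev/null 2>&1 || {
        echo "defaults not found; run this on the Mac itself" >&2
        return 2
    }
    status=0
    for pair in \
        "/Applications/Firefox.app/Contents/Info|LSEnvironment" \
        "/Applications/Safari.app/Contents/Info|LSEnvironment" \
        "$HOME/.MacOSX/environment|DYLD_INSERT_LIBRARIES"
    do
        domain=${pair%|*}
        key=${pair#*|}
        out=$(defaults read "$domain" "$key" 2>&1) || true
        verdict=$(classify_defaults_output "$out")
        printf '%-8s %s %s\n' "$verdict" "$domain" "$key"
        if [ "$verdict" = suspect ]; then
            status=1
            printf '%s\n' "$out" | sed 's/^/    /'   # show what was found
        fi
    done
    return $status
}

# Usage: sh flashback_check.sh --run
if [ "${1:-}" = "--run" ]; then
    run_flashback_checks
fi
```

A "suspect" line only means the value exists and should be inspected; the indented output shows what `defaults` actually returned.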

One question still being asked is why Apple took two months after Oracle had issued its original Java update addressing this vulnerability to release one (or two) update(s) of its own for OS X.


