Flashback Fallout

If you’re a Mac user, don’t freak out: yes, it’s true that nearly 600,000 Mac computers have been infected by the Flashback trojan. But the world is not ending. Yet.

Flashback's original fake "Flash" installer. Source: f-secure.com

Lots of news and hype are being generated about a recently discovered, Mac-focused trojan downloader called Flashback. This is a serious setback to OS X security, and you should be respectfully aware of it, but it’s not that difficult to detect nor to fix.

The exploit was originally hidden within a fake Adobe Flash installer, but has since evolved such that simply visiting one of a few specific web sites designed to spread the infection could impact your Mac system.

The F-Secure web site has a great write-up on the details of this Java exploit, and Apple has issued a Java update to address the vulnerability (two updates, if you’re a Lion user: a second update to fix a problem with the first a few days afterward).  Run a System Update to ensure you have the latest version of Java available from Apple.

Open a Terminal, and enter these three commands, in any order:

defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
defaults read /Applications/Safari.app/Contents/Info LSEnvironment 
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If any of these three commands results in anything different than output that ends with “does not exist”, it’s likely that you may indeed have a problem and should turn your attention toward fixing it immediately.  Again, I defer to the experts at the F-Secure site for instructions, which are just a few Terminal commands.

One question still being asked is why it took Apple two months after Oracle had issued their original Java update to address this vulnerability to release one (or two) update(s) for OS X.


One thought on “Flashback Fallout

  1. Pingback: Project Magenta is Linux-based mobile OS

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s