April 02, 2012

"Flashback" trojan targets Mac computers

Researchers at F-Secure have spotted Mac malware on the loose that seeks to exploit a vulnerability in Java.

The malware is a new variant of the Flashback, a password-stealing trojan. The latest strain takes advantage of a flaw in Java -- CVE-2012-0507, according to F-Secure -- which was patched by Oracle in February. But Apple has yet to push the update to its Mac OS X platform.

As users await a patch, an F-Secure threat researcher who goes by "Brod" suggested on Monday that they disable Java in their browsers to avoid falling victim to the exploit, which is being delivered via malicious web pages.

"So if you haven't already disabled your Java client, please do so before this thing really becomes an outbreak," Brod wrote.

An Apple spokesperson did not return an email seeking comment.

Related Articles
Related Topics

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.