"Flashback" trojan targets Mac computers

Researchers at F-Secure have spotted Mac malware on the loose that seeks to exploit a vulnerability in Java.

The malware is a new variant of Flashback, a password-stealing trojan. The latest strain takes advantage of a flaw in Java -- CVE-2012-0507, according to F-Secure -- which was patched by Oracle in February. But Apple has yet to push the update to its Mac OS X platform.

As users await a patch, an F-Secure threat researcher who goes by "Brod" suggested on Monday that they disable Java in their browsers to avoid falling victim to the exploit, which is being delivered via malicious web pages.

"So if you haven't already disabled your Java client, please do so before this thing really becomes an outbreak," Brod wrote.

An Apple spokesperson did not return an email seeking comment.
