April 02, 2012

"Flashback" trojan targets Mac computers

Researchers at F-Secure have spotted Mac malware on the loose that seeks to exploit a vulnerability in Java.

The malware is a new variant of the Flashback, a password-stealing trojan. The latest strain takes advantage of a flaw in Java -- CVE-2012-0507, according to F-Secure -- which was patched by Oracle in February. But Apple has yet to push the update to its Mac OS X platform.

As users await a patch, an F-Secure threat researcher who goes by "Brod" suggested on Monday that they disable Java in their browsers to avoid falling victim to the exploit, which is being delivered via malicious web pages.

"So if you haven't already disabled your Java client, please do so before this thing really becomes an outbreak," Brod wrote.

An Apple spokesperson did not return an email seeking comment.

Related Articles
Related Topics

More in News

NYPD detective charged with hiring hackers so he could spy on ex-girlfriend

Edwin Vargas, 42, was arrested on Tuesday for allegedly buying email login credentials and cracking fellow officers' email accounts.

Twitter begins rollout of two-factor authentication to limit account takeovers

Twitter begins rollout of two-factor authentication to limit ...

Following a series of high-profile Twitter account hijacks, the microblogging service finally has delivered two-factor authentication.

Commission offers suggestions for stemming online spy threat from China

Commission offers suggestions for stemming online spy threat ...

The 100-page report mostly addresses alleged Chinese cyber espionage operations, and suggests it's time for U.S. government agencies and corporations to consider more proactive approaches, possibly including hack-backs.