Apple has now released a tool that removes the Flashback Trojan from infected Mac computers, according to a security update posted to Apple.com on Thursday. The malicious software, which some have casually referred to as the “Mac virus,” (even though, yes, we know, a Trojan is not a virus), had previously infected some 650,000 Mac laptops, making it one of the largest infections the Mac install base has ever seen.
The company had announced earlier in the week that it would deploy software to detect and remove the Flashback malware from users’ computers, which first began appearing on Mac computers back in September. It wasn’t until recently that the Trojan, which created a botnet consisting of infected Macs, returned with a vengeance. By early April, security firms were reporting that as many as half a million Macs could be infected and the number was growing still.
To address the malware, which was exploiting a security flaw in Java in order to install itself on Macs, Apple had been releasing Java updates through its Software Update feature. Apple had also been advising users to disable Java in their browser to better protect themselves from attack.
With the new removal tool, Apple is now able to disable Java applets by default (on some versions of OS X) and can now remove the Flashback Trojan from infected Macs.
This Java security update removes the most common variants of the Flashback malware.
This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.
Java for OS X Lion 2012-003 delivers Java SE 6 version 1.6.0_31 and supersedes all previous versions of Java for OS X Lion.
This update is recommended for all Mac users with Java installed.
As you may notice, the above tool is only available for OS X Lion. Snow Leopard users are pointed to another removal tool here, but this one is unable to automatically disable Java in the browser. That will still need to be done manually.
Both updates, however, ship with the patched version of Java which was released via the Java security updates that went out earlier in the week.