Not even Steve’s children are safe…

Two weeks ago, 2oceansVibe reported on the rising concerns from tech and ICT analysts around the world regarding the vulnerabilities of Apple machines and software to online attack and malware.

Until now, the relative exclusivity of Mac software and users has protected the machines, compared to the regular onslaught on PC and Windows systems, and Apple has even marketed their products as “virus free”. But with growing popularity comes growing threat of viral attack. A recent study by Kaspersky Labs reveals one piece of malware that has managed to infiltrate over 600 000 Macs, throwing the supposedly tight security protocols used by Apple into sharp relief.

Kaspersky Labs analysed Flashfake and concluded that more than 98% of the 600 000 infected computers were most likely running a version of Mac OS X. To infect victims’ computers, the users’ behind the Flashfake botnet were installing a Flashfake Trojan that gained entry into users’ computers without their knowledge by exploiting vulnerabilities in Java.

Although the Trojan has not been detected doing anything else malicious, the risk it poses is still significant as the malware functions as a downloader on users’ computers, which means the programmers behind Flashfake can easily issue new, updated malware – capable of stealing confidential information such as passwords or credit card details – and install it onto infected machines remotely.

Although Oracle issued a patch for this vulnerability three months ago, Apple delayed in sending a security update to its customer base until 2^nd April. Users who have not updated their systems with the latest security should install and update immediately to avoid infection, while Apple has been roundly criticised for waiting so long to issue the patch.

[Source: Bandwidth Blog]