Yesterday we brought you news of an alarming piece of malware targeting Macs. The Flashback trojan uses a vulnerability in Java to install itself on users’ computers without their knowledge or consent. While nearly all malware designed to attack Macs requires user interaction – it usually masquerades as something innocent, like Adobe Flash Player – this newly discovered variant of Flashback can be installed on a user’s computer if they so much as visit an infected website.
Following the discovery of the new variant by Russian security site Doctor Web, Apple released an update to Java that closed the vulnerability Flashback was using to install itself on users’ machines. Late last evening, Apple released another update to Java. It’s not clear whether this second update in a week is also intended to address the Flashback problem. The information Apple sent out with the update says only that it “delivers improved compatibility, security, and reliability.” Also, the update appears to be specific to OS 10.7 Lion, while the previous update was also available for OS 10.6 Snow Leopard.
Whatever the update does – and it’s a fair bet that it’s Flashback related – it’s definitely in your best interest to get it as soon as you can. It can be downloaded using Software Update on your Mac. Also, if you think your Mac may be infected with Flashback, you can find instructions for detecting and removing it here.