14 DAY TRIAL // Apple is documenting the security content of its two Java updates tasked with removing the Flashback Trojan in a knowledge-base article on its Support site. Mac users are advised to download and install these updates to protect themselves from the malware threat.
On OS X Lion v10.7.3, OS X Lion Server v10.7.3, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. This is a security hardening measure, according to Apple.
“Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications,” the company states, adding that further information is available at http://support.apple.com/kb/HT5242.
On Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3, OS X Lion Server v10.7.3, Apple notes that a Flashback malware removal tool will be run, as part of the update.
“This update runs a malware removal tool that will remove the most common variants of the Flashback malware. If the Flashback malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is not found,” says the Cupertino giant.
“These updates include the security content from Java for OS X 2012-002 and Java for Mac OS X 10.6 Update 7,” the document adds.
Earlier this week, Apple acknowledged that the Flashback Trojan posed a threat to the Mac OS customer base and promised to deliver a software fix. That fix was OS X security update 2012-003 for Lion customers, and Java for Mac OS X 10.6 Update 8 for Snow Leopard users.
Mac users running Mac OS X v10.5 (Leopard) or earlier versions of the Mac OS are told to disable Java in their web browsers’ preferences to protect themselves against Flashback.