Security industry criticises Apple over Flashback malware

Cupertino company slammed over slow response to fix Trojan problem.


Apple has been hauled over the coals by the security industry and accused of being slow to eradicate malware that left upwards of 600,000 Macs infected with the Flashback Trojan.

While the iPhone maker has released two specific patches to deal with a flaw in the OS X Java Virtual Machine, it is still working on a tool to remove existing infections present on victims' machines. Security experts have attacked the iPad manufacturer's complacency.

The threat to Apple machines first surfaced in September last year, giving cyber criminals time to amass infected Macs into a huge botnet capable of causing massive damage to networks worldwide.

Kaspersky Lab's chief security expert, Alexander Gostev, blamed Apple for not taking action sooner.

Gostev said Apple knew about the threat "for months" but did little to protect OS X users from the Java flaw. The same flaw in Windows and Linux machines had been patched months ago.

The infection is one of the largest in Apple's history. Kaspersky said around 98 per cent of the 600,000 machines infected with the Flashback malware run OS X. Of those, around 47,000 are based in the UK.

While Oracle, which develops Java, issued a patch for Windows and Linux machines around three months ago, Apple patches the Java implementation on OS X itself and only issued a fix earlier this month. This meant Mac users were left exposed to the infection for much longer than users of other operating systems.

"The three-month delay in sending a security update was a bad decision on Apple's part," said Gostev. "Apple knew about this Java vulnerability for three months, and yet neglected to push through an update in all that time."

He added that the problem was exacerbated by the "myth" of Apple computers being "malware free".

"Too many users are unaware that their computers have been infected, or that there is a real threat to Mac security," said Gostev.

Apple said that while the vulnerability had been patched, it is still "developing software that will detect and remove the Flashback malware". At the time of writing, the Cupertino-based company had yet to release the malware removal tool.

In the meantime, Apple has advised users to disable Java in their browser preferences and is said to be liaising with ISPs around the world to deactivate the botnet's command and control network.
