Security industry criticises Apple over Flashback malware

Cupertino company slammed over slow response to fix Trojan problem.

criticism

Apple has been hauled over the coals by the security industry and accused of being slow to eradicate malware that left upwards of 600,000 Macs infected with the Flashback Trojan.

While the iPhone maker has released two specific patches to deal with a flaw in the OS X Java Virtual Machine it is still working on a tool to remove existing infections present on victims' machines. Security experts have attacked the iPad manufacturer's complacency.

The threat to Apple machines first surface in September last year, giving cyber criminals time to amass infected Macs into a huge botnet capable of causing massive damage to networks worldwide.

Kaspersky Lab's chief security expert, Alexander Gostev, blamed Apple for not taking action sooner.

Gostev said Apple knew about the threat "for months" but did little to protect OS X users from the Java flaw. The same flaw in Windows and Linux machines had been patched months ago.

The infection makes it one of the largest in Apple's history. Kaspersky said around 98 per cent of the 600,000 machines infected with the Flashback malware run OS X. Of those, around 47,000 are based in the UK.

While Oracle, which develops Java, issued a patch for Windows and Linux machines around three months ago, Apple patches the Java implementation on OS X itself and only issued a fix earlier this month. This meant Mac users were left exposed to the infection for much longer than users of other operating systems.

"The three-month delay in sending a security update was a bad decision on Apple's part," said Gostev. "Apple knew about this Java vulnerability for three months, and yet neglected to push through an update in all that time."

He added that the problem was exacerbated by the "myth" of Apple computers being "malware free".

"Too many users are unaware that their computers have been infected, or that there is a real threat to Mac security," said Gostev.

Apple said that while the vulnerability had been patched, it is still "developing software that will detect and remove the Flashback malware". At the time of writing the Cupertino-based company was yet to release the malware removal tool.

In the meantime, Apple has advised user to disable Java in their browser preferences and is said to be liasing with ISPs around the world to deactivate the botnet's command and control network.

Featured Resources

Seven steps to connect and empower your frontline workers

How business leaders can improve communication with a secure platform

Free download

Create what’s next

The future of collaboration and productivity

Free Download

Leveraging the cloud without relinquishing control

Your data. Their cloud.

Free download

Re-architecting for nonstop innovation

Unlocking productivity, scalability, and lower costs for cloud natives

Free Download

Recommended

Apple sues NSO Group over Pegasus attacks on its customers
spyware

Apple sues NSO Group over Pegasus attacks on its customers

24 Nov 2021
Apple launches self-repair scheme for iPhones and Macs
Business strategy

Apple launches self-repair scheme for iPhones and Macs

18 Nov 2021
Apple unveils Business Essentials suite for small businesses
business management

Apple unveils Business Essentials suite for small businesses

11 Nov 2021
Judge denies Apple appeal in Epic ruling
iOS

Judge denies Apple appeal in Epic ruling

10 Nov 2021

Most Popular

How to speed up Microsoft's Windows 11
Microsoft Windows

How to speed up Microsoft's Windows 11

9 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

12 Nov 2021