The Safe Mac

Follow The Safe Mac on Twitter to stay advised of the latest Mac security news!


New Mac malware abounds

Posted on April 25th, 2012 at 12:27 PM EDT

Several new malware programs have appeared for the Mac in the last week or so, bringing the grand total of new Mac malware in the first four months of 2012 to 5, compared to 6 for all of 2011.*  This increase in Mac malware is a concerning trend, and is making for lots of juicy news stories in the media.  But how much do Mac users really need to worry about this?  That’s a hard question to answer, since every individual will have a different threshold for worry, but let’s start with some facts. Read the rest of this entry »

8 Comments


Confusion abounds over Apple’s Flashback removal tool

Posted on April 17th, 2012 at 10:32 AM EDT

Many users are confused by Apple’s updates that address Flashback.  They are uncertain which one is appropriate for their computer and are left wondering where the tool is installed and how to run it.  Even some Mac experts are confused, some of them even posting erroneous information online, which isn’t helping things.  Add Apple’s inconsistent naming scheme for these updates and vague documentation and it has become a huge source of frustration for many.  Fortunately, there are very easy answers to these questions. Read the rest of this entry »

This post is more than 30 days old and has been locked. No further comments are allowed.


Sabpab malware mimics Flashback

Posted on April 13th, 2012 at 9:10 PM EDT

Sophos announced the discovery of more new malware for the Mac today.  Called Sabpab, it uses the same Java vulnerability as Flashback to install itself as a “drive-by download.”  Users of older versions of Java now have still more malware to worry about.  If you are using Mac OS X 10.6, or if you have Mac OS X 10.7 and have installed Java, you should immediately install the latest Java update.  It will be available in Software Update if your machine needs it. Read the rest of this entry »

9 Comments


Apple update removes Flashback

Posted on April 12th, 2012 at 10:10 PM EDT

Apple released a pair of Java updates today, one for Lion and one for Snow Leopard, that not only patch Java, but also remove Flashback if it happens to be installed. All users of those systems should immediately download and install Java for OS X Lion 2012-003 or Java for Mac OS X 10.6 Update 8. Read the rest of this entry »

This post is more than 30 days old and has been locked. No further comments are allowed.


Apple patches Java to eliminate latest vulnerability

Posted on April 3rd, 2012 at 5:47 PM EDT

Yesterday, it was discovered that a new variant of Flashback was taking advantage of an unpatched vulnerability in Java to install itself after the user visits a malicious web site.  Today, in an unprecedented show of speed, Apple has released Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7.  These updates bring Java up to version 1.6.0_31, which fixes those vulnerabilities. Read the rest of this entry »

2 Comments


URGENT: Flashback now targeting fully up-to-date Macs!

Posted on April 2nd, 2012 at 8:04 PM EDT

If you have not already disabled Java in your web browser, don’t even finish reading this article – go disable it NOW!  (Instructions can be found in More new tricks from Flashback.)  Why?  Because unlike previous versions of Flashback, a new variant has been discovered that is taking advantage of a Java vulnerability that Apple has not yet released a patch for.  This means that every person with Java installed on their Mac is now vulnerable to drive-by malware installation! Read the rest of this entry »

7 Comments


More new tricks from Flashback

Posted on March 7th, 2012 at 1:59 PM EDT

Intego has announced the discovery of yet another variant of Flashback.  The new variant, called Flashback.N, is based on the previous Flashback.G, and it also uses Java to get its dirty work done.  Worse, Intego now claims that Flashback is made by the same people who were behind the MacDefender malware last year! Read the rest of this entry »

1 Comment


Flashback infections becoming widespread

Posted on February 21st, 2012 at 10:16 AM EDT

A little more than a week ago, I wrote about a new variant of Flashback that displays virus-like behavior, being able to infect the machine without user interaction, in Flashback using Java vulnerabilities.  I did not take this too seriously, since the current version of Java fixes the vulnerabilities that this relies on.  However, many users evidently still have outdated versions of Java installed, as there has been an explosion of users reporting symptoms of Flashback infection.  I cannot over-emphasize the fact that all Mac users need to immediately check the version of Java that they are running, and update if necessary! Read the rest of this entry »

7 Comments


Flashback using Java vulnerabilities

Posted on February 10th, 2012 at 4:19 PM EDT

According to Intego, a new variant of Flashback has appeared that is taking advantage of Java vulnerabilities and a new social exploit.  Most concerning is the fact that the malware is apparently able to infect a Mac without any user interaction at all!  As I haven’t seen any other reports of this new trojan yet, we’re going to have to rely solely on Intego’s report. Read the rest of this entry »

This post is more than 30 days old and has been locked. No further comments are allowed.


Flashback targets XProtect

Posted on October 20th, 2011 at 9:51 AM EDT

Security firm F-Secure reported yesterday on a new variant of Flashback that targets the built-in malware protection in Mac OS X.  Apparently, this variant deletes and overwrites the XProtectUpdater process, which is responsible for keeping the XProtect malware definitions up-to-date.  This means that, if you get infected, repairing the damage becomes more difficult.  Even if you remove the malware, XProtect will have been crippled, making it easier for you to be infected by other malware in the future. Read the rest of this entry »

This post is more than 30 days old and has been locked. No further comments are allowed.


This page and all contents (unless otherwise noted) copyright 2011-2014 by Thomas Reed.
For questions or comments, please contact me.