Forgot your password?
typodupeerror
Security Apple

Apple Developing Tool To Remove Flashback 212

Posted by Unknown Lamer
from the macs-can't-get-viruses dept.
Trailrunner7 writes, quoting Threatpost: "Apple is planning to release a software fix that will find and remove the Flashback malware that has been haunting Mac users for several months now. ... Apple said on Tuesday that it was in the process of developing a tool that would detect and remove Flashback, but the company did not specify when the fix would be available. Security researchers and customers have been questioning why Apple hasn't yet provided a fix for the malware even though Flashback has been around in one form or another for more than six months now."
This discussion has been archived. No new comments can be posted.

Apple Developing Tool To Remove Flashback

Comments Filter:
  • Slow is good (Score:5, Informative)

    by Sarten-X (1102295) on Wednesday April 11, 2012 @09:37AM (#39643245) Homepage

    Security researchers and customers have been questioning why Apple hasn't yet provided a fix for the malware even though Flashback has been around in one form or another for more than six months now.

    Because they're doing the same thing Microsoft does with its slow-as-molasses patches: testing for side effects, on every major application, on every piece of hardware they can get their hands on.

  • Re:Slow is good (Score:5, Informative)

    by FudRucker (866063) on Wednesday April 11, 2012 @09:40AM (#39643297)
    if it was Linux based malware a patch would have been out within 24 to 48 hours, six months is enough time to create a new version of the entire operating system,
  • Re:Slow is good (Score:5, Informative)

    by Anonymous Coward on Wednesday April 11, 2012 @09:50AM (#39643433)

    Actually the quote is quite opinionated and wrong. Apple provided java patches that basically close the hole and make the malware issue mute. Flashback HAS existed for months, but its also using a new vulnerability each time it comes up (its used a Flash hole, a PDF hole and a Java hole, three things not even developed BY Apple.) Likewise they have been patching the OS to flag Flashback in previous versions of the trojan.

    The whole quote both shows the writers complete lack of knowledge of whats been done about Flashback that any competent system administrator knows already (hell we even have scripts developed to flag machines that MAY be infected and have had them for months this is ON TOP OF the info Apple has been providing us) as well as his bias in trying to spin this as if this thing is a huge issue (honestly is not, its not even the first real vulnerability on the Mac OS, there were numerous worms for Quicktime back in the 90's that abused Quicktimes autoplay feature, AND THOSE didnt require you to authenticate as admin since pre-osX you ran as root.)

  • Re:Slow is good (Score:2, Informative)

    by Anonymous Coward on Wednesday April 11, 2012 @10:03AM (#39643577)

    they also have a culture of denying widespread hardware and software failures that most other companies would acknowledge quickly and get fixed quickly too.

    Really? Because I have never in 15 years of being a tech or system administrator who worked exclusively with Macs EVER had a issue with Apple admitting a hardware issue. Maybe a tech once in a while who didnt want to go through paperwork, but not my executive contacts who have replaced systems even when it WAS our fault, and we didnt have AppleCare on it.

  • Re:Slow is good (Score:2, Informative)

    by Anonymous Coward on Wednesday April 11, 2012 @10:06AM (#39643603)

    Yes, because Apple will have to test on such a VAST range of hardware...

    Actually yes, they do. They currently offer support on 3 different OSs (10.5-10.7) and close to a hundred different platforms with different configurations going back 4 years.

    You can even rent their test lab as a developer if you wanted to as well.

  • by guttentag (313541) on Wednesday April 11, 2012 @10:12AM (#39643677) Journal
    Running Software Update today to update Java will prevent you from getting flashback going forward, but that's not going to do anything if you already have it.

    Here's how to figure out if you have it (from Gizmodo [gizmodo.com]):

    1.Run the following command in Terminal:
    defaults read /Applications/Safari.app/Contents/Info LSEnvironment
    2. Take note of the value, DYLD_INSERT_LIBRARIES
    3. Proceed to step 8 if you got the following error message:
    "The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist"

    If you don't get that error message, well, time to head to F-Secure for your fix. If you're clean so far, you can move on to step eight:

    8. Run the following command in Terminal:
    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
    9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following:
    "The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist"

    In other words: "does not exist" means you've got a healthy rig. Anything else, just keep following F-Secure's instructions [f-secure.com] to vanquish the intruder.

  • Re:Slow is good (Score:2, Informative)

    by Anonymous Coward on Wednesday April 11, 2012 @10:26AM (#39643831)

    And it would have required editing a text configuration file and then running the patch from the command line,.

    Bit of a pathetic troll given there's been gui package managers where you click on 'apply' or similar to bring your entire system up to date for more than 10 years.

  • Re:Slow is good (Score:4, Informative)

    by Theophany (2519296) on Wednesday April 11, 2012 @10:30AM (#39643887)
    Logic board went kaput on each on of them. IIRC there were 8 machines in total. Despite my many attempts to reason with them, they wouldn't even give us a discount on the repair costs as a show of goodwill.
  • Re:Slow is good (Score:5, Informative)

    by oh_my_080980980 (773867) on Wednesday April 11, 2012 @10:50AM (#39644127)
    Actually no that's not correct. Apple and Oracle are working together on it:

    "In November, Apple and Oracle announced that they would collaborate on a Mac-based incarnation of OpenJDK, an open source version of Java."

    http://www.theregister.co.uk/2011/02/27/no_java_in_mac_os_x_lion/ [theregister.co.uk]
  • Re:Slow is good (Score:4, Informative)

    by oh_my_080980980 (773867) on Wednesday April 11, 2012 @10:53AM (#39644167)
    And this

    Oracle Previews Java SE 7 for Mac OS X, Unveils Java SE Roadmap
    Oracle is releasing a technology preview of Java SE 7 on Mac OS X and said it plans to release Java SE 7 on Mac OS X for developers in the second quarter of 2012 and a consumer version later that year.

    http://thejournal.com/articles/2011/10/06/oracle-previews-java-se-7-for-mac-os-x-unveils-java-se-roadmap.aspx [thejournal.com]
  • Re:Slow is good (Score:5, Informative)

    by CharlyFoxtrot (1607527) on Wednesday April 11, 2012 @10:53AM (#39644173)

    A) Vulnerability has been patched [cnet.com].
    B) It's not that difficult to detect and remove [cnet.com].

    This is strictly about helping non technical users that might be infected in an easy way. It's these users that were specifically targetted by the way since the malware targets old versions of Java and even checks for the existence of "power user" tools [cultofmac.com] installed and doesn't install if they are :

    "4. You do not have certain security tools installed on your Mac that Flashback checks for, including Little Snitch, Xcode, and a few anti-malware tools.'

Cobol programmers are down in the dumps.

Working...