Apple accused of being slow to eradicate Mac malware
Cyber security experts have criticised Apple for being slow to address malware which could have infected up to 600,000 Mac computers.
Consumer electronics company Apple said it was working on finding and ridding "Flashback" malware that exploits a flaw in Oracle's Java software and can be used to ferret out sensitive user information.
Apple has issued patches and is now developing software to detect and eliminate Flashback, it said, declining to elaborate further.
However Apple is being accused of not having quickly addressed the issue, even after Oracle distributed its own patch in February.
Several security blogs accused Apple of having not been forthcoming in the past about security issues, but gave the company credit for stepping forward now.
"Someone in Apple has broken ranks following the recent revelations of a Jolly Big OS X botnet," Paul Ducklin at security specialist Sophos wrote.
"Apple has - apparently for the very first time - talked about a security problem before it had all its threat response ducks in a row."
Trojans and other malware typically target Microsoft Windows, long the dominant PC operating system.
Flashback stands out in that it represents one of the largest-scale invasions of Apple computers, which are gaining ground on Windows PCs.
Antivirus specialists Symantec said the malware surfaced last summer or early fall.
It said the number of infected computers, which hackers link into botnets to access private information, had dropped to 270,000 as of this week.
A "Trojan" is a software program that looks and acts like a regular program but opens backdoors into a user's computer systems.
The Flashback software, also known as "Flashfake", advertises itself for download on infected websites as a Java software add-on or applet, experts said.
According to Kaspersky Labs' Igor Soumenkov, more than half of the over 600,000 initially infected computers, or bots, originated from the United States, and he estimated more than 98 per cent could be Macs.
The software can be used to modify Internet pages, for example by adding a field asking users to type private information such as bank account data, said Michael Sutton, VP of Security Research at Zscaler ThreatLabZ.
Apple has issued patches and is now developing software to detect and eliminate Flashback, it said on its website.
"While it's encouraging to see Apple taking steps to eradicate the Flashfake Trojan, they're late to the party," Sutton said.
"Unfortunately, Apple has a long history of putting blinders on when it comes to dealing with security researchers."
"Africa is abundant with engineering opportunity. We look at some of the projects and the problems."
- Greenpeace frowns at Centrica's getting a shale-gas venture stake
- HMS Queen Elizabeth nears completion
- World’s most advanced comms satellite shipped to launch site
- Scientist to benefit from exascale supercomputer deal
- Chinese space capsule reaches its ‘Heavenly Palace’
- Dinosaurs’ app uses augmented reality
- E&T magazine - Debate - HS2, the need for speed [01:33 pm 18/06/13]
- Creating an Iphone App [05:50 pm 17/06/13]
- CO2 is good [07:29 pm 16/06/13]
- DECC-EDF makes yet another attempt to fund 3rd Generation Nuclear at any cost [05:02 pm 15/06/13]
- Transformers Vector Group [09:46 am 15/06/13]
Tune into our latest podcast