The cybersecurity community raked Apple Inc over the
coals on Wednesday, saying the company had dragged its heels on eradicating
malware that experts say may have infected up to 600,000 Macintosh computers
and can be used to ferret out sensitive user information.
The consumer electronics company said it was working on finding and removing
"Flashback" malware that exploits a flaw in Oracle Corp's Java
software. Apple has issued patches and is now developing software to detect and
eliminate Flashback, it said on its website. The company declined to elaborate.
But Apple is catching heat for not having quickly addressed the issue, even after
Oracle distributed its own patch in February.
Several security blogs accused Apple of having not been forthcoming in the past about
security issues, but gave the company credit for stepping forward now.
"Someone in Apple has broken ranks following the recent revelations of a Jolly Big OS X
botnet," Paul Ducklin at security specialist Sophos wrote. "Apple has
-- apparently for the very first time -- talked about a security problem before
it had all its threat response ducks in a row."
Trojans and other malware typically target Microsoft Windows, long the dominant PC
operating system. Flashback stands out in that it represents one of the
largest-scale invasions of Apple computers, which are gaining ground on Windows
PCs.
Antivirus specialist Symantec Corp said the malware surfaced last summer or early fall.
It said the number of infected computers, which hackers link into botnets to
access private information, had dropped to 270,000 as of this week.
FLASHBACKS
A "Trojan" is a software program that looks and acts like a regular
program but opens backdoors into a user's computer systems.
The Flashback software, also known as "Flashfake", advertises itself for
download on infected websites as a Java software add-on or applet, experts
said.
According to Kaspersky Labs' Igor Soumenkov, more than half of the over 600,000 initially
infected computers, or bots, originated from the United States, and he
estimated more than 98 percent could be Macs.
The software can be used to modify Internet pages, for example by adding a field
asking users to type private information such as bank account data, said
Michael Sutton, VP of Security Research at Zscaler ThreatLabZ.
"While it's encouraging to see Apple taking steps to eradicate the Flashfake Trojan,
they're late to the party," Sutton said. "Unfortunately, Apple has a
long history of putting blinders on when it comes to dealing with security
researchers."