Apple's Security Weaknesses Exposed by Flashback Trojan Attack

By CIOinsight  |  Posted 04-16-2012

The number of Macs infected with the Flashback malware might be abating, but the damage to Apple's reputation within the security community could take longer to fix.

The company was criticized for being slow to offer the patch to fix the flaws in Java that made the Macs vulnerable, and even slower to offer a tool to detect and remove the Flashback malware once it was learned that the exploit had compromised as many as 600,000 Macs worldwide. In addition, Apple was seen as being uncooperative with experts in the security community, including the small Russian antivirus vendor that first detected the extent of the Flashback infections.

The incident also shook the reputation of Apple products being relatively invulnerable to malware and other malicious code. And security experts warned that, as the popularity of Apple Internet-connected devices--not only Macs, but also iPads, iPhones and iPods--continues to grow, so will interest from scammers.

"This latest wave of infections is a wake-up call to Mac users that their system is not immune to threats," Mike Geide, senior security researcher at Zscaler ThreatLabZ, said in an email after Apple released a patch to fix the flaw in Java April 3. "And the need to follow best security practices, such as remaining current with patches, is ubiquitous it doesn't matter if you're using Windows, Mac or even a mobile phone."

Apple already has seen a rise in the attacks on its systems over the past year, including the Tsunami and Revier/Imuler Trojans and the Mac Defender fake antivirus program.

But it was the large number of Mac infections by the Flashback malware that made it stand out. The 600,000-plus didn't look like much when compared with the millions of Windows PCs that have been hit by malware in the past, but it also came out of a much smaller pool, and represented more than 1 percent of Macs in use worldwide.

"So one in 100 Macs is infected," researchers at Apple security software vendor Intego wrote in April 7 blog post. "It's clear that we are faced with an unprecedented attack of Mac malware."

In an April 11 blog post, officials with security software maker Symantec said that the number of infections worldwide had dropped to 270,000.

It also illustrated perceived shortcomings in Apple's response. The flaw itself was not in the Mac hardware, but in Java that users had downloaded onto their Macs. Oracle had patched Windows PCs weeks ago, but Apple--which doesn t let third-parties update Apple systems--didn't sent out the patch until April 3, about the same time Doctor Web and, soon after, Kaspersky Lab found that more than 600,000 Macs had become infected.

Flashback was first detected last year, running as a classic Trojan by masquerading as an update to Adobe Flash. However, new variants discovered in March showed it had evolved into a drive-by exploit, infecting the systems of Mac users who surfed to a compromised or malicious Website.

Within days, a host of security software vendors, including Kaspersky, Intego and F-Secure, began rolling out free tools designed to detect and remove the Flashback malware. Meanwhile, Apple officials on April 10 broke their silence, saying their engineers were working on a similar tool, which was released two days later. When F-Secure released its own tool April 11, Chief Research Officer Mikko Hypponen criticized Apple's slow response to Flashback as inadequate.

"Apple has announced that it's working on a fix for the malware, but has given no schedule for it, " Hypponen wrote in a post on the company's blog April 11. "Quite surprisingly, Apple hasn't added detection for Flashback--by far the most widespread OS X malware ever to the built-in Xprotect OS X antivirus tool. Also note that Apple has not provided a patch for the Java vulnerability used by Flashback for OS X v10.5 (or earlier)."


To read the original eWeek article, click here: Mac Flashback Attack Shows Apple's Security Weaknesses