Skip navigation
Currently Being Moderated

Flashback malware and Java issues.

Queenstown Maryland
Level 9 Level 9 (62,025 points)
VERSION 36  Click to view user tip history Published
Last Modified:  Sep 11, 2012 7:08 PM

Flashback was a serious attempt to cause damage to Macs with Adobe Flash & Oracle's Java on April 7, 2012. 


Additionally, it was recently found that Java 7 has some known security holes which should be avoided.  To check which Java version you are running, see this link.  Java 6 release 35 and Java 7 release 7 are both verified to not have the zero day vulnerability.  Java 6 release 35 for Mac OS X 10.6, and Java 6 release 35 for 10.7. Java 7 release 7 is needed for 10.7.3 to avoid the most recent issues with Java.  


Adobe has posted this link to check your Flash version.


Apple has posted a knowledgebase article about the Flashback malware.  Links below to the removal tools should only be applied after backing up.  Please read the entire article to determine what is needed first before jumping into the fray.


For 10.7.3 users who do not have Java installed, Apple has now released a Flashback removal tool


For 10.6.8 users there is this patch.


For 10.5.8 Intel Users, May 14, 2012, Apple released this patch and removal tool.  From what is known PowerPC users generally are unlikely to be affected, but this may change in the future, though Apple has yet to come out with a definitive statement.  Post to if you believe there should be a statement.


For PowerPC, 10.6.0 to 10.6.7, 10.7 to 10.7.2, 10.5.7 and earlier, disabling Java is probably the best action you can take to avoid being impacted.  Furthermore,

ignore any requests to update Adobe software from non-Adobe websites, or Java from non-Oracle or Sun websites, or Apple's Software Update.


If you appear to have been infected, and have a machine that supports 10.5.8 (Intel Macs older than August 28, 2009),  10.6.8 or 10.7.3 backup to a new place before installing any software, so you can see if you can apply the 10.5.8, 10.6.8, or 10.7.3 update if needed, and the patch it with Apple's patch to Java that corrects the hole in Java.  You may need to watch your financial data to ensure no one has hacked that or stolen your identity more carefully.   Several places on the net offer infection tests.  Some are more reliable than others, and I would ask in the forum to ensure you get the most reliable.


People with slow internet connections who need to update to the appropriate version of 10.5, 10.6 and 10.7, should take the appropriate link with them and copy the installer DMG file to a USB flash drive to be updated to the version able to be patched: 10.5.8 Combo10.6.8 Combo and 10.7.3 Combo.  If interested in updating to 10.7, read this tip.


Until all known varients of the malware have been diagnosed, you are probably better off with Sophos to ensure you catch all known variants.


Downloads Apple posted on April 12th at the same links Apple offered before now offer new capabilities. Only these now include a built-in removal tool of Flashback. 

If you have 10.5,8, 10.6.8 or 10.7.3, Apple's Java patch catches and stops most of these through the security updates in the links for each operating system, 10.5.8, 10.6.8 and 10.7.3


If after using these downloads, you still appear to have the Malware, be sure to post to the forum what you find, and someone will be able to help.

Apple does not necessarily endorse any suggestions, solutions, or third-party software products that may be mentioned in this User Tip. Apple encourages you to first seek a solution at Apple Support. Any links in this user tip are provided as is, with no guarantee of the effectiveness or reliability of the information. Apple does not guarantee that these links will be maintained or functional at any given time. Use this user tip at your own discretion.
Comments (0)
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.