If you think you are alrready infected, try this site:
The protection afainst Trojan Horse malware is not to use an Admin account for daily ise, and doenload updates only from trusted site. Flash comes from adobe.com, nowhere else.
You can disable in the browser you are using and/or more globally using the Java Preferences too (in Utilities), General tab (uncheck the checkboxes).
If it turns out you need it for some specific application or web site that you trust then turn it on only when running that application or visiting that site.
Flashback is a moving target with lots of strains (various versions, permutations) and changing all the time. So who knows what's next?
Incidentally, it is not "Adobe Flashback". Just Flashback. It got the name because one of the original strains of this trojan came from bogus versions of the Adobe Flash installer. The current strains are way beyond that now and have nothing to do with the flash installer.
Security hole exposes Android, iOS to Facebook identity theft
Summary: A new security vulnerability discovered in Facebook for Android and Facebook for iOS means your Facebook identity can be stolen if you use an Android phone, Android tablet, iPhone, and/or iPad.
Wright detailed the issue in a blog post titled “Facebook Mobile Security Hole allows Identity theft.” He explained that all a hacker needs is to grab your Facebook plist file (.plist is the extension used for a property list file, often used to store a user’s settings), which Facebook reportedly sets not to expire for another 2,000 years.
Here’s what happened when Wright sent his .plist over to his friend and blogger, Scoopz:
After backing up his own plist and logging out of Facebook he copied mine over to his device and opened the Facebook app…
My jaw dropped as over the next few minutes I watched posts appear on my wall, private messages sent, webpages liked and applications added.
Scoopz then opened Draw Something on his iPad which logged him straight into my account where he sent some pictures back to my friends.
In his post, Wright outlined five proof of concepts for the attack:
- A hidden application which runs on shared PC’s Any device plugged in to charge has the Plist copied.
- A recompile of an open source iphone explorer like program with the added code.
- A saved game editing tool with the added code.
- A credit card sized hardware solution that takes all of two seconds to copy the plist should you have physical access to an iDevice.
- A modified speaker dock.
That update, made available in the last few days, seems to plug the current vulnerability, but maybe not future ones.
Some programs demand Java to run, especially Adobe Creative Suite, so it may not be optional for some users.
So yes, if you are building a "standard reply", I think that should be added.