The H-Online: As expected, Apple has released an updated version of the Java implementation for its Mac OS X operating system that includes a removal tool for the Flashback trojan. According to the company, the update, labelled “Java for OS X 2012-003“, finds and removes the “most common variants” of the malware which had infected approximately 600,000 systems using flaws in the previous version of Java.
Additionally, the new Java update for Mac OS X 10.7 Lion prevents Java applets from being automatically executed by disabling the Java web plugin by default. Users can re-enable the automatic execution of Java applets via the Java Preferences application (Applications ➤ Utilities ➤ Java Preferences). However, if the plugin detects that Java applets have not been run for “an extended period of time”, it will automatically disable applet support again.
The company has also released another Java update (Java for Mac OS X 10.6 Update 8) for systems running Mac OS X 10.6 Snow Leopard which removes the Flashback trojan. However, unlike the update for 10.7 Lion, it does not disable Java applets by default. Apple recommends that users who do not use Java applets should manually disable the Java web plugin in their browser; instructions for disabling the Java plugin in Safari are provided.
Java for OS X Lion 2012-003 and Java for Mac OS X 10.6 Update 8 are available to download from Apple’s Support Downloads site. Alternatively, users who previously installed Java on their systems can upgrade using the built-in Software Update function. All users are advised to install the updates.