I. Half a Million Macs Infected
The new malware first takes root by masqerading as a Flash player update, which many users haplessly approve. It then does various devious and dastardly deeds, depending on the variant.
II. Apple Moves Sluggishly to Fix Gaping Holes
In recent months Flashback has been exploiting three specific known Java vulnerabilties. Oracle Corp. (ORCL) had fixed these vulnerabilities way back on Feb. 14, but Mac users did not have access to the free protection as Apple does not allow Oracle to directly update its machines.
Instead Mac users had to wait until 4/4/2012 — this Wednesday — to receive a patch for the last of the flaws. A second update was released yesterday, according to security firm Intego. Given that there are commonly other flaws that are patched by Oracle, but not on Macs, these latest patches are likely only to slow — not stop — the malware.
In addition, Apple does not automatically install such critical updates on users machines. Rather it prompts them that the update is available in OS X, then allows them to install the update at their own convenience. As a result, many users may never patch the flaws or go weeks unprotected. This contrasts with Microsoft who forces users to endure the occasional nightly reboot in the name of security.
Apple has long practiced a negligent approach when it comes to security. Where Microsoft rewards developers who point out potential security flaws, Apple bans them.
III. Macs — Not That Safe Anymore
Apple users, like Linux users, long trumpeted their platform’s “superior security”. Even Apple joined in this fun, attacking veteran operating system maker Microsoft Corp. (MSFT). While there was some truth in these claims, it was largely due to Apple’s miniscule market share — malicious hacking tends to be profit-motivated and spending a whole lot of work to infect a small portion of a few million machines seemed a lot less attractive than being able to infect hundreds of millions of machines with Windows-geared exploits.
Apple’s reaction has been slow at best. Apple still insists on redistributing third parties security updates, but does so at a leisurely pace, endangering its users. At the same time, the company was revealed to have been instructing its technicians to lie to users and not tell them if their systems are infected.
Timur Tsoriev, an analyst at Kaspersky Lab tells BBCNews, “People used to say that Apple computers, unlike Windows PCs, can’t ever be infected – but it’s a myth.”
Unfortunately many Mac users don’t realize that, faithfully believing that Apple is delivering them superior protection. Sadly their faith is misplaced.