Jamf Nation Community

Agreed. I do hope this serves as a lesson for Apple that they need to get faster with releasing updates, even if they are 3rd party products used on the platform.
I don't entirely believe the numbers but there are reports of a botnet of Flashback infected Macs that is over a half million strong. (!) Even if the numbers are much lower, this does nothing but give fodder for the Mac-haters out there to claim that Macs are "just as vulnerable as PCs'" or something. It doesn't matter if its not true, the truth never stopped that crowd from making ridiculous claims in the past.

The dumber the user, the more vulnerable any computer is. So technically the Mac is every bit as vulnerable to this type of attack as the Windows computers. We just need to protect the really dumb users by preventing them from being able to install these types of things, but out of the box every user on a Mac is an Admin, so really Apple is no better than Windows in that respect.

Apple serves us Java they better serve us a version that isn't spoiled and sitting on the counter for 3 months.

@nessts, while I agree its part of our job to protect against stupidity, when Apple takes months to release an update from a vendor with such a nasty exploit in it, it makes our jobs of protecting the dumb people that much harder, unnecessarily. Its one thing for someone to foolishly fall for a human engineering exploit that asks for your admin password. Its quite another when you can get infected just by visiting a website.
I just think they were really too slow in addressing this and are faster next time.

Also I wouldn't call anyone dumb just not as knowledgeable. Not everyone strives to learn or know how a computer works thats what we get paid for.

Does anyone know if ClamXav checks for and removes this malware? I've read that it won't install if ClamXav is present, but, I'd like to know if it also disinfects if it is somehow present on the computer.

~Ted

@taugust04

Yes:

http://lurker.clamav.net/message/20120409.123601.0b3afe7b.en.html

To join:

http://lists.clamav.net/mailman/listinfo/clamav-users

@donmontalvo

Awesome - thank you sir, for the link. The decision to include ClamXav on all my installs, along with a launchd job to update definitions regularly, turned out to be a wise one.

Just got a response from Symantec enterprise support on whether their NAV/SEP definitions protect against OSX.Flashback...

The new variant of OSX.Flashback is known as OSX.Flashback.K. Any virus definitions prior to April 9, 2012 will identify the new variant as simply OSX.Flashback. The current virus definitions will detect and remove this threat upon detection on a scan with the SEP client or with Auto-Protect.