The drop follows the release of a revised version of Apple's Java update that cleans up the more common Flashback variants and patches the security flaw exploited by Flashback.K.
One of the nasty aspects of Flashback is that it allows the people behind it to install additional malware on infected computers. So far, it has only been used to deliver malware that hijacks search results.
Kaspersky has stated that Flashback.K was distributed by exploiting a flaw in the popular WordPress blogging software. The widespread use of WordPress, coupled with the Java drive-by exploit used to deliver the malware, helps explain the large number of Macs that were infected (the Windows version of Java was updated a couple of months earlier).
The success of Flashback.K suggests that attackers may pay increasing attention to vulnerabilities that are fixed on other platforms weeks or months before Apple distributes the corresponding updates. That may push Apple into tracking more closely the open-source and other third-party components that go into Mac OS X.