The company noted that it released a fix earlier this month for a vulnerability in Java that is being exploited by the Flashback malware. As Paul Henry, security and forensic analyst with Lumension, commented, Apple wasn't exactly clear that the Java fix was intended to block Flashback malware infections.
Apple said in a blog: “By default, your Mac automatically checks for software updates every week, but you can change that setting in software update preferences. You can also run software update at any time to manually check for the latest updates."
Apple said that it is working with internet service providers to disable the Flashback command and control network. The company did not provide a timeframe for when the software fix might be available.
Dennis Fisher commented in a Kaspersky Lab’s Threat Post blog that “it’s not clear whether the fix that the company is developing will be an update for the XProtect anti-malware software that’s included with OS X or whether it will be a standalone tool.”
Kaspersky estimates that 670,000 computers have been infected with the Flashback malware, with more than 98% of those running Mac OS X. This is the largest Mac-based infection ever.