With Apple pushing out both a standalone removal tool for users and a combined Java update/removal tool, it’s safe to say that the current outbreak of Flashback malware is well on its way to being addressed. However – such a widespread incident (affecting at least 1% of all Macs in use today) is likely to have long-term repercussions on the threat landscape for Apple Mac computers.
Macs: Innocent No More
Macs have not been as big a target for cybercriminals for one simple reason: they weren’t worth attacking. When Mac OS X was first launched in 2001, the Mac market share was small enough that it wasn’t worth it for cybercriminals to target those systems – not when there were so many low-hanging fruit in the form of Windows systems.
Now, however, somebody in the cybercriminal underground has proven that Macs are a perfectly viable target for attacks. Half a million users is nothing to sneer at. Where this unknown attacker led, we expect others to follow. Further convoluted attacks targeting Macs are likely to occur soon, now that somebody has proven that it’s possible (and dare we say profitable) to carry these attacks out.
In fact, this is something that’s already well under way. Before Flashback hit the news, we’d already found targeted attacks that affected Mac users as well. We’ve also found a new threat right after that – the SABPAB malware family – that exploits either the same vulnerability as Flashback, or other Mac-specific vulnerabilities in Microsoft Office. (We detect these threats as OSX_SABPAB.A, with the malicious Office documents detected as TROJ_MDROP.SBPAB.)
Mac users will have to learn, the hard way, that no operating system is completely secure. They will have to learn the best practices that Windows users take as “normal” in order to avoid becoming victims of the next big Mac malware event.
Apple: Room for Improvement
As Macs become a bigger target, Apple is going to have to deal with the fact that they are a bigger target now and figure out how to manage the increased burden. So far, things have not been encouraging.
The underlying vulnerability that Flashback used was not unknown before Flashback entered center stage in public. In fact, in the Windows version of Java, it had already been fixed and patched as early as February. However, because Apple distributes its own copy of Java, the said fix was not made available to Mac users until after Flashback had started spreading through the Mac community.
As a result of what happened with Flashback, it can be taken for granted that attackers will be waiting for the next Java update (which will arrive in May, since Oracle does quarterly scheduled updates) and seeing which flaws can be exploited on Macs as well. If Apple acts with the same seeming lack of urgency as it did with the previous patch, another Flashback-like malware attack becomes much more likely.
In addition, Apple could also use this experience to work better with the security industry. Apple’s initial response to Flashback has been criticized by some parties; it’s clear the company does not have the experience that other vendors (like Microsoft) have had in dealing both with security vendors and threat incidents.
However, don’t get me wrong and let’s not put the whole patching debacle at Apple’s feet. At the end of the day it is a tough balancing act to integrate several thousand pieces of code and yet, execute form and function, the way Cupertino has been known to set itself apart really well. There is also the matter of other third-party applications and plug-ins which users have to be mindful of and keep updated on their own, not unlike, as previously mentioned, in the more predominant Microsoft Windows environment.
Mac malware has arrived, and is here to stay. Both users and Apple will have to adjust to this new reality in order to protect themselves and the entire platform as a whole. The infographic below highlights some of the threats we’ve seen for Macs in recent years: