In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors, and Apple said is working with ISPs worldwide to cut off these servers' access.
A Kaspersky Lab researcher told the New York Times that the malware attack the largest to date against Macs and the most sophisticated. About half of the infected Macs are in the United States.
Apple says it released a Java update on April 3 to fix the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6. Macs are set to check for updates weekly, and users can initiate such an update check manually. Users with Macs running Mac OS X v10.5 or earlier can protect themselves by disabling Java in their web browsers, Apple recommended.
Is it a surprise that this happened? Not really. As Apple has gone from a niche player to one that is more accepted in businesses, it was only a matter of time before it became a bigger target for digital troublemakers. Now that it has happened, what should Apple do and what should MSPs do?
Apple has stepped right up to fix the flaw, issue updates and develop malware removal tools. But does there come a point when the tech giant will need to lean more heavily on partners such as MSPs? MSPs have more local feet on the street to help users who can't always take hours out of their days to trek over to the Genius Bar. Perhaps Apple could take a cue from its own recent introduction of the Apple Configurator to bring to market more tools to make it easier for MSPs to secure, update and remediate Mac computers should the unthinkable happen.