Fans of the Apple OS aren't going to like hearing this, I'm sure, but I've been seeing a slow but steady creep of emails, alerting me of a new vulnerability or potential for attack.
The latest is a drive-by attack exploiting a vulnerability in Java, targeting computers that use the Mac operating system. According to MSNBC:
Monday, the Finnish security firm F-Secure reported that the Mac Flashback Trojan, which has been steadily evolving since September, now exploits a flaw in the Java engine that many websites use to host games and other applets.
The flaw was first discovered in January and was patched by Windows in February. The Apple patch has just been released, according to CNET. That's the good news, and it is recommended that anyone who runs the Mac OS and uses Java download the patch immediately. (Better yet, most security experts will advise you to stop using Java altogether, but that's a different story for a different day.)
Now, here's an interesting comment from the CNET article that includes links to the patch downloads. The article's author, Topher Kessler, is a long-time Mac user, and he wrote:
While Apple has been criticized for lagging behind in its support of Java updates, this update has been released in less than a week since the initial reports of the latest Flashback malware variant.
Yet, go to the Sophos Naked Security blog, and you'll read this:
Apple users won't feel any consolation at all in the knowledge that their Windows cousins have been protected against the flaw since February.
So my question is this-was there a brand new flaw just recently discovered by Apple, or has it been kept quiet so it seems like Apple found the vulnerability recently and patched it right away?