Apple Flashback.S Variant Surfaces, Activates On Macs Without Password

If you thought the Apple Flashback malware was behind us think again, research firm Intego has discovered a new variant called the Flashback.S which targets the same Java vulnerability that Apple recently patched without the need to enter a password for the variant to install.

The new installation places the exploit in a user’s home folder under the following locations:

• ~/Library/LaunchAgents/com.java.update.plist
• ~/.jupdate

The new exploit then deletes all files and folders in the ~/Library/Caches/Java/cache section. By deleting those files the applet is deleted from the infected Mac and the program is able to avoid detection.

The Flashback.S variant is already being spotted in the real world however it won’t install on your system if you have already installed VirusBarrier X6, XCode or Little Snitch. The new variant however does avoid Apple’s built in XProtect anti-malware tool which relies on an exact fingerprint of malware in order to delete the exploit.

XProtect you may recall was released when Snow Leopard 10.6 was released, it was meant originally to remove the MacDefender malware virus.

Recent Apple Mac system attacks have cast more focus on the company’s OS X platform which Apple has always touted as far superior to Microsoft’s Windows system in the exploit protection area.

The news of a new Flashback.S variant also arrives after a report by virus protection service Sophos found that 1 in 5 Macs are infected with Windows or Mac viruses.

Do you think the time is finally arriving when Apple’s Mac systems will no longer be viewed as more secure than Microsoft Windows systems?