Thanks to a well-documented flaw that Apple didn’t patch for three months, a nasty piece of malware called Mac Flashback seems to have infected nearly 600,000 Macs worldwide (according to Russian security firm Dr. Web).
Here are three things you need to do today:
— Check to see whether your Mac is infected by Mac Flashback. The social-networking news site Mashable has created a script that will do so for you. The instructions are on the Mashable website.
If the script does find an infection, which can be at either or both of two different places in the Mac OS X file system, removal is a bit complicated.
You’ll have to go into the Terminal app and take the Mac Flashback removal steps detailed by Finnish security firm F-Secure.
— Update OS X with the latest security patches from Apple. Apple patched OS X 10.6 Snow Leopard and OS X Lion earlier this week, but it just updated the patch for Lion Thursday, April 5.
If you’re on a PowerPC-chip-based Mac running OS X 10.5 Leopard, Apple no longer cares about you (see below).
— Take a deep breath and say to yourself, “Steve Jobs is dead and my Mac is not immune to malware.” Then install a solid anti-virus product. Today, right now, ASAP.
The weak anti-virus software that Apple bundles into OS X 10.7 Lion doesn’t cut it, and neither will the half-hearted Gatekeeper feature in the upcoming OS X 10.8 Mountain Lion.
Take a look at the paid products reviewed by our sister site TopTenReviews, or go to the website of the British security firm Sophos and download and install their free Mac anti-virus software.
Additionally, there are two things you probably should do:
— Disable the Java run-time engine, if you’re not using it.
Java, the platform-independent environment used to run Web apps and perform other tasks, has too many flaws to justify its use unless it’s absolutely necessary. (Apple tacitly acknowledged this when it didn’t bundle Java into OS X 10.7 Lion.) Open the Java Preferences utility in Mac OS X, uncheck all selections and reboot.
Unfortunately, some software, such as the applications in Adobe’s Creative Suite, including Photoshop, Illustrator and InDesign, requires that Java be enabled.
In that case, you’ll just have to trust Apple once more, even though it was remarkably late about riding to the rescue in this instance. The Java flaw that Mac Flashback exploited was patched two months ago for Windows and Linux.
— If you’re still using a PowerPC Mac, it’s time to move on.
Apple’s excellent hardware means there are millions of perfectly good PowerPC machines still out there and running well, some of them built as recently as 2006. But Apple no longer supports or releases security patches for them. It wants you to upgrade, and now you don’t have a choice in the matter.