New Mac Trojan variant can install without password

Flashback, a Mac Trojan horse that’s been in the public eye since it was uncovered by security firm Intego last year, has a new trick up its sleeve: It can now infect your computer from little more than a visit to a website.

Originally, Flashback masqueraded as an installer for Adobe’s Flash Player—hence the name—but the malware has changed tacks at last once since then, instead pretending to be a Mac software update or a Java updater.

The latest variant, discovered by security researchers at F-Secure and dubbed OSX/Flashback.K, takes advantage of a weakness in Java SE6. That vulnerability, identified as CVE-2012-0507, allows the malware to install itself from a malicious website the user visits, without needing the user to enter an administrator’s password — via redwolf.newsvine.com

Share this Story
Load More Related Articles
Load More By Red Wolf
Load More In Technology

Leave a Reply

Your email address will not be published. Required fields are marked *

Photos from Flickr