Flashback, a Mac Trojan horse that’s been in the public eye since it was uncovered by security firm Intego last year, has a new trick up its sleeve: It can now infect your computer from little more than a visit to a website.
Originally, Flashback masqueraded as an installer for Adobe’s Flash Player—hence the name—but the malware has changed tacks at least once since then, instead pretending to be a Mac software update or a Java updater.
The latest variant, discovered by security researchers at F-Secure and dubbed OSX/Flashback.K, takes advantage of a weakness in Java SE6. That vulnerability, identified as CVE-2012-0507, allows the malware to install itself from a malicious website the user visits, without needing the user to enter an administrator’s password.

Via redwolf.newsvine.com