Flashback targets a Java vulnerability on Mac OS X. The first variant of Flashback was discovered by antivirus company Intego in September 2011.

According to the Russian antivirus company Dr. Web, a modified version of the "BackDoor.Flashback.39" variant of the Flashback trojan had gone on to infect over 600,000 Mac computers. These findings were quickly confirmed by another security firm.

Oracle, the company that develops Java, fixed the vulnerability exploited to install Flashback on February 14, 2012. However, Apple maintained the Mac OS X version of Java and did not release an update containing the fix until April 3. Last week, the company issued a further update to remove the most common Flashback variants. Both these updates have only been released for Mac OS X Lion and Mac OS X Snow Leopard; users of older operating systems are being advised to disable Java. There are also some third party programs floating around to detect and remove the Flashback trojan, but we highly recommend that you use Apple's tools available from their website. Apple is working on a new process that will eventually lead to a release of a Java JRE for Mac OS X at the same time as it is available for Windows, Linux, and Solaris users.

The most recent reports state that incidences of the Flashback trojan are declining rapidly, but the clean-up is still very much in progress.

We have helpfully linked the software updates from the TQO Updater section of April's newsletter (sign up here to get TQO) but you can also download them here on Apple's website.